From patchwork Wed Nov 6 19:01:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230867 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D031315AB for ; Wed, 6 Nov 2019 19:02:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id A38C7214D8 for ; Wed, 6 Nov 2019 19:02:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="IYQfPpBx" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732242AbfKFTB1 (ORCPT ); Wed, 6 Nov 2019 14:01:27 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36128 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732215AbfKFTB1 (ORCPT ); Wed, 6 Nov 2019 14:01:27 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id 7E2A82010C18; Wed, 6 Nov 2019 11:01:26 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7E2A82010C18 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1573066886; bh=fjc1SDZ6eAyerupfns9th1oRdeR4c1j0/l98r7qhoWI=; h=From:To:Subject:Date:In-Reply-To:References:From; b=IYQfPpBxfFCmXMbhSh7x03hOIBgGLnV2WV8Bb94KUj/gJab9+0p32BILkWBdNZscL u44Maavjs7FLkS3j7zTfE0wnqbT15F5seP9GmE7MnDZPfbb3fIRGOFN0tOQU9OgS/N JMsRdnR1UP3OdLm5I6Rz2OrlUbZKGLHKpB3k0DEc= 
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 01/10] IMA: Defined an IMA hook to measure keys on key create or update Date: Wed, 6 Nov 2019 11:01:07 -0800 Message-Id: <20191106190116.2578-2-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Asymmetric keys used for verifying file signatures or certificates are currently not included in the IMA measurement list. This patch defines a new IMA hook namely ima_post_key_create_or_update() to measure asymmetric keys. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima_main.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index d7e987baf127..a0e233afe876 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -721,6 +721,22 @@ void ima_kexec_cmdline(const void *buf, int size) KEXEC_CMDLINE, 0); } +/** + * ima_post_key_create_or_update - measure asymmetric keys + * @keyring: keyring to which the key is linked to + * @key: created or updated key + * @flags: key flags + * @create: flag indicating whether the key was created or updated + * + * Keys can only be measured, not appraised. + */ +void ima_post_key_create_or_update(struct key *keyring, struct key *key, + unsigned long flags, bool create) +{ + if ((keyring != NULL) && (key != NULL)) + return; +} + static int __init init_ima(void) { int error; From patchwork Wed Nov 6 19:01:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230871 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CF79D15AB for ; Wed, 6 Nov 2019 19:02:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id AE6C321929 for ; Wed, 6 Nov 2019 19:02:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="JRWAv8jY" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732541AbfKFTCD (ORCPT ); Wed, 6 Nov 2019 14:02:03 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36136 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732217AbfKFTB1 (ORCPT ); Wed, 6 Nov 2019 14:01:27 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id A63CF20B4902; Wed, 6 Nov 2019 11:01:26 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com A63CF20B4902 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; 
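Review bot: the guard in the new ima_post_key_create_or_update() body is inverted: `if ((keyring != NULL) && (key != NULL)) return;` returns exactly when both arguments are valid and falls through to an empty body when either is NULL, so the function does nothing in every case. If this is a placeholder for the later patches, write the guard as `if (!keyring || !key) return;` now so the intended shape is not lost, and add the prototype (with a static inline stub for !CONFIG_IMA) to a header in the same patch; the diffstat shows only ima_main.c touched, so nothing outside IMA can call the hook yet. The @flags and @create parameters are unused here and their kernel-doc should say what they will be used for, and "keyring to which the key is linked to" reads better as "keyring to which the key is linked".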
s=default; t=1573066886; bh=emQkMogDPg+7vZ3mbA++3IrBI+JG/p38LRyTUkrJ4qw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=JRWAv8jY0lkvRKSxRG0bkY8whJhlPyPo/gc5HddtERuoEfQ9x15MTs0QxvR9oMD3d EhvM9F14J3BHtK890ZG87YQUwDc11huOBlzAwURe/bXzC97l6JSerE+lhuUVRo9pti Sh2WbaoVCxs8rOrpBHomgCpnPdvx7hWd4Z0v4+dg= From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 02/10] IMA: Added KEYRING_CHECK func in IMA policy to measure keys Date: Wed, 6 Nov 2019 11:01:08 -0800 Message-Id: <20191106190116.2578-3-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org IMA policy needs to support a func to enable measurement of asymmetric keys. This patch defines a new IMA policy func namely KEYRING_CHECK to measure asymmetric keys. Signed-off-by: Lakshmi Ramasubramanian --- Documentation/ABI/testing/ima_policy | 6 ++++++ security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_policy.c | 2 +- 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 29aaedf33246..341df49b5ad1 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -30,6 +30,7 @@ Description: [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] [KEXEC_CMDLINE] + [KEYRING_CHECK] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] [[^]MAY_EXEC] fsmagic:= hex value 
@@ -113,3 +114,8 @@ Description: Example of appraise rule allowing modsig appended signatures: appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig + + Example of measure rule using KEYRING_CHECK to measure + all keys: + + measure func=KEYRING_CHECK diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index df4ca482fb53..7f23405b2718 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -193,6 +193,7 @@ static inline unsigned long ima_hash_key(u8 *digest) hook(KEXEC_INITRAMFS_CHECK) \ hook(POLICY_CHECK) \ hook(KEXEC_CMDLINE) \ + hook(KEYRING_CHECK) \ hook(MAX_CHECK) #define __ima_hook_enumify(ENUM) ENUM, diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index f19a895ad7cd..4344b7354fc5 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -373,7 +373,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, { int i; - if (func == KEXEC_CMDLINE) { + if ((func == KEXEC_CMDLINE) || (func == KEYRING_CHECK)) { if ((rule->flags & IMA_FUNC) && (rule->func == func)) return true; return false; From patchwork Wed Nov 6 19:01:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230873 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 08E2F1864 for ; Wed, 6 Nov 2019 19:02:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DAFB921D7E for ; Wed, 6 Nov 2019 19:02:17 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="VCTitycI" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732546AbfKFTCD (ORCPT ); Wed, 6 Nov 2019 14:02:03 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36152 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732219AbfKFTB1 (ORCPT ); Wed, 6 Nov 2019 14:01:27 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id CD31A20B4903; Wed, 6 Nov 2019 11:01:26 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com CD31A20B4903 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1573066886; bh=Vn1DTnsnkYEUMpWj4b4LGG4HQThqx8QQ+UbmMlGwIIw=; h=From:To:Subject:Date:In-Reply-To:References:From; b=VCTitycIB4TCqBKhWLu/29FZdPJmBxbGsPTap00A9B0z97mghgb/tO6CpyZU7cduM 1aC7+h1Tdf4m5u+b/VzMaB2HRCbSO6s/9pkODDDePGl3r2FWfdNhXxAiSXYk5yg4xm gnEmHgbCbuPzACgblxaK/qy8Ao4apr9LSKezeJCs= 
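Review bot: in the ima_match_rules() hunk, adding KEYRING_CHECK to the KEXEC_CMDLINE early return means a KEYRING_CHECK rule matches on func alone and every other condition written on the rule line (uid=, fsmagic=, mask=, LSM labels) is silently ignored rather than rejected, so the loaded rule can be broader than the author wrote. Either reject such combinations in ima_parse_rule() so the policy writer gets -EINVAL, or state in the Documentation/ABI/testing/ima_policy hunk, next to the new [KEYRING_CHECK] entry, that only func= is honoured for this hook. That documentation hunk should also carry the "keys can only be measured, not appraised" restriction from the hook's kernel-doc, since nothing in the parser shown here stops `appraise func=KEYRING_CHECK` from being accepted.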
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 03/10] IMA: Added keyrings= option in IMA policy to only measure keys added to the specified keyrings. Date: Wed, 6 Nov 2019 11:01:09 -0800 Message-Id: <20191106190116.2578-4-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org IMA policy needs to support measuring only those keys linked to a specific set of keyrings. This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for func=KEYRING_CHECK then only the keys linked to the keyrings given in "keyrings=" option are measured. If "keyrings=" option is not specified for func=KEYRING_CHECK then all keys are measured. Signed-off-by: Lakshmi Ramasubramanian --- Documentation/ABI/testing/ima_policy | 10 +++++++++- security/integrity/ima/ima_policy.c | 2 ++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index 341df49b5ad1..be2874fa3928 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy @@ -25,7 +25,7 @@ Description: lsm: [[subj_user=] [subj_role=] [subj_type=] [obj_user=] [obj_role=] [obj_type=]] option: [[appraise_type=]] [template=] [permit_directio] - [appraise_flag=] + [appraise_flag=] [keyrings=] base: func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] 
@@ -43,6 +43,9 @@ Description: appraise_flag:= [check_blacklist] Currently, blacklist check is only for files signed with appended signature. + keyrings:= list of keyrings + (eg, .builtin_trusted_keys|.ima). Only valid + when action is "measure" and func is KEYRING_CHECK. template:= name of a defined IMA template type (eg, ima-ng). Only valid when action is "measure". pcr:= decimal value @@ -119,3 +122,8 @@ Description: all keys: measure func=KEYRING_CHECK + + Example of measure rule using KEYRING_CHECK to only measure + keys added to .builtin_trusted_keys or .ima keyring: + + measure func=KEYRING_CHECK keyrings=.builtin_trusted_keys|.ima diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4344b7354fc5..4d68ad8ed91c 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -34,6 +34,7 @@ #define IMA_EUID 0x0080 #define IMA_PCR 0x0100 #define IMA_FSNAME 0x0200 +#define IMA_KEYRINGS 0x0400 #define UNKNOWN 0 #define MEASURE 0x0001 /* same as IMA_MEASURE */ 
@@ -79,6 +80,7 @@ struct ima_rule_entry { int type; /* audit type */ } lsm[MAX_LSM_RULES]; char *fsname; + char *keyrings; /* Measure keys added to these keyrings */ struct ima_template_desc *template; }; From patchwork Wed Nov 6 19:01:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230849 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 42DA71864 for ; Wed, 6 Nov 2019 19:01:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 20BF6217F9 for ; Wed, 6 Nov 2019 19:01:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="rPaGli8m" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732309AbfKFTB2 (ORCPT ); Wed, 6 Nov 2019 14:01:28 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36164 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732221AbfKFTB1 (ORCPT ); Wed, 6 Nov 2019 14:01:27 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id F417520B4904; Wed, 6 Nov 2019 11:01:26 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com F417520B4904 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1573066887; bh=pdZMTl5IJ3XXZubK6GdXhNLleyudkMn7QHLhVAEdwuA=; h=From:To:Subject:Date:In-Reply-To:References:From; b=rPaGli8mIP/hietVzL5XjZNbR1xELEi+RlsF2Xm8RNqO0HQfsz8FpkD6ui+ZjnMIS fSo9KOx7BykKmYLW+mHRXcjmyx2Vft7qC3Zgeb+MTUyyCqtXrtzCgLeKyLJekFeg91 8+5EGzxHiLz/YbsgzEc0m7yPAiytUz4v3bBwJnYI= 
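Review bot: the documentation hunk calls keyrings= a "list of keyrings" but never names the separator or the matching rule; the example implies '|' between names and the reader has to guess whether a name must match a whole entry. Spell it out, for instance `keyrings:= '|'-separated list of keyring names, each compared exactly`. In the ima_policy.c hunk, `char *keyrings` joins `char *fsname` as a heap-owned string in struct ima_rule_entry, so the teardown path that drops a rule entry must kfree() it as well; none of the ima_policy.c hunks in this series touch that path, and it should be fixed before the parser starts allocating the string.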
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 04/10] IMA: Read keyrings= option from the IMA policy into ima_rule_entry Date: Wed, 6 Nov 2019 11:01:10 -0800 Message-Id: <20191106190116.2578-5-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org "keyrings=" option, if specified in the IMA policy, needs to be stored in the list of IMA rules when the configured IMA policy is read. This patch defines a new policy token enum namely Opt_keyrings for reading "keyrings=" option from the IMA policy. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima_policy.c | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4d68ad8ed91c..74a727dc6030 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -768,7 +768,8 @@ enum { Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt, Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, Opt_appraise_type, Opt_appraise_flag, - Opt_permit_directio, Opt_pcr, Opt_template, Opt_err + Opt_permit_directio, Opt_pcr, Opt_template, Opt_keyrings, + Opt_err }; static const match_table_t policy_tokens = { @@ -804,6 +805,7 @@ static const match_table_t policy_tokens = { {Opt_permit_directio, "permit_directio"}, {Opt_pcr, "pcr=%s"}, {Opt_template, "template=%s"}, + {Opt_keyrings, "keyrings=%s"}, {Opt_err, NULL} }; 
@@ -1051,6 +1053,23 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) result = 0; entry->flags |= IMA_FSNAME; break; + case Opt_keyrings: + ima_log_string(ab, "keyrings", args[0].from); + + if ((entry->keyrings) || + (entry->action != MEASURE) || + (entry->func != KEYRING_CHECK)) { + result = -EINVAL; + break; + } + entry->keyrings = kstrdup(args[0].from, GFP_KERNEL); + if (!entry->keyrings) { + result = -ENOMEM; + break; + } + result = 0; + entry->flags |= IMA_KEYRINGS; + break; case Opt_fsuuid: ima_log_string(ab, "fsuuid", args[0].from); 
@@ -1426,6 +1445,13 @@ int ima_policy_show(struct seq_file *m, void *v) seq_puts(m, " "); } + if (entry->flags & IMA_KEYRINGS) { + if (entry->keyrings != NULL) + snprintf(tbuf, sizeof(tbuf), "%s", entry->keyrings); + seq_printf(m, pt(Opt_keyrings), tbuf); + seq_puts(m, " "); + } + if (entry->flags & IMA_PCR) { snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr); seq_printf(m, pt(Opt_pcr), tbuf); From patchwork Wed Nov 6 19:01:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230851 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7D71715AB for ; Wed, 6 Nov 2019 19:01:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5989721882 for ; Wed, 6 Nov 2019 19:01:48 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="Elduf5Nr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732295AbfKFTB2 (ORCPT ); Wed, 6 Nov 2019 14:01:28 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36166 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732234AbfKFTB2 (ORCPT ); Wed, 6 Nov 2019 14:01:28 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id 276A020B4905; Wed, 6 Nov 2019 11:01:27 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 276A020B4905 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1573066887; bh=Je8EhlN2eRzd3HgIs8/Pu2dAnSATHmO37XHgaKpLtF8=; h=From:To:Subject:Date:In-Reply-To:References:From; b=Elduf5NripI5mM5qc4aRYBM4wU2hLbzSVIJV/UaZPAKKxmYCIvi14lsBvtDqsXOSh 
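Review bot: the Opt_keyrings case in the ima_parse_rule() hunk refuses the option unless entry->action is already MEASURE and entry->func is already KEYRING_CHECK, so acceptance depends on option order: `measure func=KEYRING_CHECK keyrings=.ima` parses, but `measure keyrings=.ima func=KEYRING_CHECK` returns -EINVAL because func has not been seen yet. The other options in this parser are order-independent; keep only the duplicate-option test inline and move the action/func validation to the post-parse checks at the end of ima_parse_rule(), keyed on IMA_KEYRINGS in entry->flags. An empty value (`keyrings=`) should also be rejected here rather than stored with kstrdup.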
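Review bot: the ima_policy_show() hunk copies entry->keyrings into the fixed-size tbuf before printing, so a list of several keyring names longer than sizeof(tbuf) is silently truncated in the policy readback, which is exactly what an administrator or an attestation verifier reads to confirm which rule is loaded. The `if (entry->keyrings != NULL)` test is also dead in one direction: IMA_KEYRINGS is only set after a successful kstrdup, and if the pointer ever were NULL the code would print whatever tbuf still held from the previous option. Print the string directly instead: `seq_printf(m, pt(Opt_keyrings), entry->keyrings);`.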
1XSa0swnlToGGhi9tWi+4YHSr4GSGhCFIuAv2q8u7UtR693kFnFDfg1lavDXIovL06 LuOKqYNTl7XZMKUF5E+1dIkwf4y2GwD7iiFKNdqk= From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 05/10] IMA: Updated IMA policy functions to return keyrings option read from the policy Date: Wed, 6 Nov 2019 11:01:11 -0800 Message-Id: <20191106190116.2578-6-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org keyrings option read from the IMA policy needs to be provided to the callers that determine the action to be performed. This patch updates ima_get_action() and ima_match_policy() functions to return the keyrings option specified in the IMA policy. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 6 ++++-- security/integrity/ima/ima_api.c | 8 +++++--- security/integrity/ima/ima_appraise.c | 2 +- security/integrity/ima/ima_main.c | 5 +++-- security/integrity/ima/ima_policy.c | 7 ++++++- 5 files changed, 19 insertions(+), 9 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 7f23405b2718..387829afb9a2 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -208,7 +208,8 @@ struct modsig; /* LIM API function definitions */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc); + struct ima_template_desc **template_desc, + char **keyrings); int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func); int ima_collect_measurement(struct integrity_iint_cache *iint, struct file *file, void *buf, loff_t size, @@ -235,7 +236,8 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *filename); /* IMA policy related functions */ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, enum ima_hooks func, int mask, int flags, int *pcr, - struct ima_template_desc **template_desc); + struct ima_template_desc **template_desc, + char **keyrings); void ima_init_policy(void); void ima_update_policy(void); void ima_update_policy_flag(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 610759fe63b8..fa2cd71ddf1a 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @func: caller identifier * @pcr: pointer filled in if matched measure policy sets pcr= * @template_desc: pointer filled in if matched measure policy sets template= + * @keyrings: pointer filled in if matched measure policy sets keyrings= * * The policy is defined in terms of keypairs: * subj=, obj=, type=, func=, mask=, fsmagic= * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK - * | KEXEC_CMDLINE + * | KEXEC_CMDLINE | KEYRING_CHECK * mask: contains the permission mask * fsmagic: hex value * 
@@ -183,14 +184,15 @@ void ima_add_violation(struct file *file, const unsigned char *filename, */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, - struct ima_template_desc **template_desc) + struct ima_template_desc **template_desc, + char **keyrings) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, - template_desc); + template_desc, keyrings); } /* diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 300c8d2943c5..47ad4f56c0a8 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -55,7 +55,7 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func) security_task_getsecid(current, &secid); return ima_match_policy(inode, current_cred(), secid, func, mask, - IMA_APPRAISE | IMA_HASH, NULL, NULL); + IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL); } static int ima_fix_xattr(struct dentry *dentry, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index a0e233afe876..b6d17f37ba61 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -215,7 +215,7 @@ static int process_measurement(struct file *file, const struct cred *cred, * Included is the appraise submask. */ action = ima_get_action(inode, cred, secid, mask, func, &pcr, - &template_desc); + &template_desc, NULL); violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); if (!action && !violation_check) @@ -647,6 +647,7 @@ void process_buffer_measurement(const void *buf, int size, .buf = buf, .buf_len = size}; struct ima_template_desc *template = NULL; + char *keyrings = NULL; struct { struct ima_digest_data hdr; char digest[IMA_MAX_DIGEST_SIZE]; 
@@ -665,7 +666,7 @@ void process_buffer_measurement(const void *buf, int size, if (func) { security_task_getsecid(current, &secid); action = ima_get_action(NULL, current_cred(), secid, 0, func, - &pcr, &template); + &pcr, &template, &keyrings); if (!(action & IMA_MEASURE)) return; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 74a727dc6030..53379a19de43 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -481,6 +481,7 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) * @pcr: set the pcr to extend * @template_desc: the template that should be used for this rule + * @keyrings: set the keyrings for this rule, if specified * * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type) * conditions. @@ -491,7 +492,8 @@ static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func) */ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, enum ima_hooks func, int mask, int flags, int *pcr, - struct ima_template_desc **template_desc) + struct ima_template_desc **template_desc, + char **keyrings) { struct ima_rule_entry *entry; int action = 0, actmask = flags | (flags << 1); 
@@ -527,6 +529,9 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, if ((pcr) && (entry->flags & IMA_PCR)) *pcr = entry->pcr; + if ((keyrings) && (entry->flags & IMA_KEYRINGS)) + *keyrings = entry->keyrings; + if (template_desc && entry->template) *template_desc = entry->template; From patchwork Wed Nov 6 19:01:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230863 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B9D691599 for ; Wed, 6 Nov 2019 19:01:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9844D206DF for ; Wed, 6 Nov 2019 19:01:58 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="HsFPoEXQ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731665AbfKFTB5 (ORCPT ); Wed, 6 Nov 2019 14:01:57 -0500 Received: from linux.microsoft.com ([13.77.154.182]:36170 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732259AbfKFTB2 (ORCPT ); Wed, 6 Nov 2019 14:01:28 -0500 Received: from nramas-ThinkStation-P520.corp.microsoft.com (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id 4EDA020B4906; Wed, 6 Nov 2019 11:01:27 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 4EDA020B4906 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1573066887; bh=n1NP0EUOPt57DXoMwVasH/v3zddNJcqY0C3hlBcerBA=; h=From:To:Subject:Date:In-Reply-To:References:From; b=HsFPoEXQcPIUDqX9bZ6aRXalWlW33QNp6m4uPNRI8qfX2Nk2pc4RFV/riaoCL0OV+ t54Kgxzd/ZVPMYvy6ZOMrr3IbfpiY/7+JpDIUqo17y9UFDPQ7awv8BeAUvA5ENngxX 
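Review bot: in the ima_match_policy() hunk, `*keyrings = entry->keyrings;` hands the caller a pointer into the matched rule entry rather than a copy of the value (pcr is copied by value two lines above), so it stays valid only as long as that rule entry does; the @keyrings kernel-doc added here and in ima_get_action() should say the pointer must be consumed before the rule list can change, or the caller should copy it under the same protection the list walk uses. Both kernel-doc entries should also note that the out-parameter is left untouched when no rule sets keyrings=, which is why the ima_main.c hunk has to initialise `char *keyrings = NULL;`; a future caller that skips that initialisation would dereference an uninitialised pointer.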
2ZgXtkqAT2MPOIcw5xSl6tWlZfFFcRlYHweAiOmE= From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 06/10] IMA: Measure key if the IMA policy allows measurement for the keyring to which the key is linked to Date: Wed, 6 Nov 2019 11:01:12 -0800 Message-Id: <20191106190116.2578-7-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org process_buffer_measurement() needs to check if the keyring to which the given key is linked to is listed in the keyrings option in the IMA policy. This patch adds a new parameter "keyring" to process_buffer_measurement(). If process_buffer_measurement() is called with func KEYRING_CHECK and the name of the keyring to which the key is linked to, then the given key is measured if: 1, IMA policy did not specify "keyrings=" option. 2, Or, the given keyring name is listed in the "keyrings=" option. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_appraise.c | 2 +- security/integrity/ima/ima_main.c | 26 ++++++++++++++++++++++++-- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 387829afb9a2..f15199f7ff2a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -221,7 +221,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, struct ima_template_desc *template_desc); void process_buffer_measurement(const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr); + int pcr, const char *keyring); void ima_audit_measurement(struct integrity_iint_cache *iint, const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 47ad4f56c0a8..a9649b04b9f1 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint, if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) process_buffer_measurement(digest, digestsize, "blacklisted-hash", NONE, - pcr); + pcr, NULL); } return rc; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b6d17f37ba61..56540357c854 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -632,12 +632,22 @@ int ima_load_data(enum kernel_load_data_id id) * @eventname: event name to be used for the buffer entry. * @func: IMA hook * @pcr: pcr to extend the measurement + * @keyring: keyring for the measurement + * + * The following scenarios are possible with respect to + * the parameter "keyring": + * 1, keyring is NULL. In this case buffer is measured. + * 2, keyring is not NULL, but ima_get_action returned + * a NULL keyrings. In this case also the buffer is measured. + * 3, keyring is not NULL and ima_get_action returned + * a non-NULL keyrings. In this case measure the buffer + * only if the given keyring is present in the keyrings. * * Based on policy, the buffer is measured into the ima log. */ void process_buffer_measurement(const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr) + int pcr, const char *keyring) { int ret = 0; struct ima_template_entry *entry = NULL; @@ -656,6 +666,13 @@ void process_buffer_measurement(const void *buf, int size, int action = 0; u32 secid; + /* + * If IMA is not yet initialized or IMA policy is empty + * then there is no need to measure. + */ + if (!ima_policy_flag) + return; + /* * Both LSM hooks and auxilary based buffer measurements are * based on policy. To avoid code duplication, differentiate @@ -671,6 +688,11 @@ void process_buffer_measurement(const void *buf, int size, return; } + if ((keyring != NULL) && (keyrings != NULL) + && (strstr(keyrings, keyring) == NULL)) { + return; + } + if (!pcr) pcr = CONFIG_IMA_MEASURE_PCR_IDX; 
@@ -719,7 +741,7 @@ void ima_kexec_cmdline(const void *buf, int size) { if (buf && size != 0) process_buffer_measurement(buf, size, "kexec-cmdline", - KEXEC_CMDLINE, 0); + KEXEC_CMDLINE, 0, NULL); } /**
From patchwork Wed Nov 6 19:01:13 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230855
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 07/10] IMA: Added a boolean flag to track IMA initialization status Date: Wed, 6 Nov 2019 11:01:13 -0800 Message-Id: <20191106190116.2578-8-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org IMA initialization status need to be checked before attempting to determine the action (measure, appraise, etc.) and any related options specified in the IMA policy. This patch defines a flag namely ima_initialized to track IMA initialization status. ima_policy_flag cannot be relied upon for knowing IMA initialization status because ima_policy_flag will be set to 0 when either IMA is not initialized or the IMA policy itself is empty. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_init.c | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f15199f7ff2a..6a86daa62c5b 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -52,6 +52,7 @@ extern int ima_policy_flag; extern int ima_hash_algo; extern int ima_appraise; extern struct tpm_chip *ima_tpm_chip; +extern bool ima_initialized; /* IMA event related data */ struct ima_event_data { diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 5d55ade5f3b9..a810af6df587 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c 
@@ -23,6 +23,7 @@ /* name for boot aggregate entry */ static const char boot_aggregate_name[] = "boot_aggregate"; struct tpm_chip *ima_tpm_chip; +bool ima_initialized; /* Add the boot aggregate to the IMA measurement list and extend * the PCR register. 
@@ -131,5 +132,11 @@ int __init ima_init(void) ima_init_policy(); - return ima_fs_init(); + rc = ima_fs_init(); + if (rc != 0) + return rc; + + ima_initialized = true; + + return 0; }
From patchwork Wed Nov 6 19:01:14 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230837
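Review bot: in the ima_init() hunk (@@ -131 of ima_init.c in PATCH 07/10), ima_initialized is set only after ima_fs_init() succeeds, yet ima_init_policy() and the TPM/keyring setup above it have already run; on an ima_fs_init() failure the kernel is left with a loaded policy (ima_policy_flag possibly non-zero) and ima_initialized permanently false. Document what callers testing ima_initialized should expect in that state, or set the flag before the securityfs step if fs registration is not a precondition for measuring. Style: `if (rc != 0)` is normally written `if (rc)` in this subsystem.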
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 08/10] IMA: Defined functions to queue and dequeue keys for measurement Date: Wed, 6 Nov 2019 11:01:14 -0800 Message-Id: <20191106190116.2578-9-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org A key can be measured right away only if IMA is initialized. Otherwise, the key should be queued up and processed when IMA initialization is completed. This patch defines functions to queue and dequeue keys for measurement and a config to enable these functions. These functions are defined in a new file namely ima_asymmetric_keys.c Note that currently IMA subsystem can be enabled without enabling KEYS subsystem. Adding support for measuring asymmetric keys in IMA requires KEYS subsystem to be enabled. To handle this dependency a new config namely CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS has been added. Enabling this config requires the following configs to be enabled: CONFIG_IMA, CONFIG_KEYS, CONFIG_ASYMMETRIC_KEY_TYPE, and CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE. The new file ima_asymmetric_keys.c is built only if CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS is enabled. This config is turned off by default. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/Kconfig | 14 ++ security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 24 ++++ security/integrity/ima/ima_asymmetric_keys.c | 136 +++++++++++++++++++ 4 files changed, 175 insertions(+) create mode 100644 security/integrity/ima/ima_asymmetric_keys.c 
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 838476d780e5..c6d14884bc19 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -310,3 +310,17 @@ config IMA_APPRAISE_SIGNED_INIT default n help This option requires user-space init to be signed. + +config IMA_MEASURE_ASYMMETRIC_KEYS + bool "Enable measuring asymmetric keys on key create or update" + depends on IMA + depends on KEYS + depends on ASYMMETRIC_KEY_TYPE + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + default n + help + This option enables measuring asymmetric keys when + the key is created or updated. Additionally, IMA policy + needs to be configured to either measure keys linked to + any keyring or only measure keys linked to the keyrings + specified in the IMA policy through the keyrings= option. diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile index 31d57cdf2421..3e9d0ad68c7b 100644 --- a/security/integrity/ima/Makefile +++ b/security/integrity/ima/Makefile @@ -12,3 +12,4 @@ ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o ima-$(CONFIG_IMA_APPRAISE_MODSIG) += ima_modsig.o ima-$(CONFIG_HAVE_IMA_KEXEC) += ima_kexec.o obj-$(CONFIG_IMA_BLACKLIST_KEYRING) += ima_mok.o +obj-$(CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS) += ima_asymmetric_keys.o diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 6a86daa62c5b..872883520ea6 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
@@ -206,6 +206,30 @@ extern const char *const func_tokens[]; struct modsig; +#ifdef CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS +/* + * To track keys that need to be measured. + */ +struct ima_measure_key_entry { + struct list_head list; + void *public_key; + u32 public_key_len; + char *keyring_name; +}; + +int ima_queue_or_process_key_for_measurement(struct key *keyring, + struct key *key); +void ima_measure_queued_keys(void); +#else +static inline int ima_queue_or_process_key_for_measurement( + struct key *keyring, + struct key *key) +{ + return 0; +} +static inline void ima_measure_queued_keys(void) {} +#endif /* CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS */ + /* LIM API function definitions */ int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c new file mode 100644 index 000000000000..fa3d9bf8fcbe --- /dev/null +++ b/security/integrity/ima/ima_asymmetric_keys.c 
@@ -0,0 +1,136 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (C) 2019 Microsoft Corporation + * + * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com) + * + * File: ima_asymmetric_keys.c + * Queue and de-queue functions for measuring asymmetric keys. + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include "ima.h" + +/* + * To synchronize access to the list of keys that need to be measured + */ +static DEFINE_MUTEX(ima_measure_keys_mutex); +static LIST_HEAD(ima_measure_keys); + +static void ima_free_measure_key_entry(struct ima_measure_key_entry *entry) +{ + if (entry != NULL) { + if (entry->public_key != NULL) + kzfree(entry->public_key); + if (entry->keyring_name != NULL) + kzfree(entry->keyring_name); + kzfree(entry); + } +} + +static struct ima_measure_key_entry *ima_alloc_measure_key_entry( + struct key *keyring, + struct key *key) +{ + int rc = 0; + const struct public_key *pk; + size_t keyring_name_len; + struct ima_measure_key_entry *entry = NULL; + + pk = key->payload.data[asym_crypto]; + keyring_name_len = strlen(keyring->description) + 1; + entry = kzalloc(sizeof(*entry), GFP_KERNEL); + if (entry != NULL) { + entry->public_key = kzalloc(pk->keylen, GFP_KERNEL); + entry->keyring_name = + kzalloc(keyring_name_len, GFP_KERNEL); + } + + if ((entry == NULL) || (entry->public_key == NULL) || + (entry->keyring_name == NULL)) { + rc = -ENOMEM; + goto out; + } + + strcpy(entry->keyring_name, keyring->description); + memcpy(entry->public_key, pk->key, pk->keylen); + entry->public_key_len = pk->keylen; + rc = 0; + +out: + if (rc) { + ima_free_measure_key_entry(entry); + entry = NULL; + } + + return entry; +} + +int ima_queue_or_process_key_for_measurement(struct key *keyring, + struct key *key) +{ + int rc = 0; + struct ima_measure_key_entry *entry = NULL; + const struct public_key *pk; + + if (key->type != &key_type_asymmetric) + return 0; + + mutex_lock(&ima_measure_keys_mutex); + + if (ima_initialized) { + /* + * 
keyring->description points to the name of the keyring + * (such as ".builtin_trusted_keys", ".ima", etc.) to + * which the given key is linked to. + * + * The name of the keyring is passed in the "eventname" + * parameter to process_buffer_measurement() and is set + * in the "eventname" field in ima_event_data for + * the key measurement IMA event. + * + * The name of the keyring is also passed in the "keyring" + * parameter to process_buffer_measurement() to check + * if the IMA policy is configured to measure a key linked + * to the given keyring. + */ + pk = key->payload.data[asym_crypto]; + process_buffer_measurement(pk->key, pk->keylen, + keyring->description, + KEYRING_CHECK, 0, + keyring->description); + } else { + entry = ima_alloc_measure_key_entry(keyring, key); + if (entry != NULL) { + INIT_LIST_HEAD(&entry->list); + list_add_tail(&entry->list, &ima_measure_keys); + } else + rc = -ENOMEM; + } + + mutex_unlock(&ima_measure_keys_mutex); + + return rc; +} + +void ima_measure_queued_keys(void) +{ + struct ima_measure_key_entry *entry, *tmp; + + mutex_lock(&ima_measure_keys_mutex); + + list_for_each_entry_safe(entry, tmp, &ima_measure_keys, list) { + process_buffer_measurement(entry->public_key, + entry->public_key_len, + entry->keyring_name, + KEYRING_CHECK, 0, + entry->keyring_name); + list_del(&entry->list); + ima_free_measure_key_entry(entry); + } + + mutex_unlock(&ima_measure_keys_mutex); +}
From patchwork Wed Nov 6 19:01:15 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230833
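Review bot: in the Kconfig hunk (@@ -310) `default n` is already the default for a bool symbol and can be dropped; the help text would also be more useful if it said that measurement only happens when an IMA policy rule selects the KEYRING_CHECK hook (the func value the new code passes to process_buffer_measurement()), since enabling the option alone measures nothing.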
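Review bot: in the ima.h hunk (@@ -206), struct ima_measure_key_entry is only allocated, walked and freed inside ima_asymmetric_keys.c, so it does not need to be visible to every ima.h consumer; move the definition into that file and keep only the two prototypes and their !CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS stubs in the header.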
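Review bot: in the new ima_asymmetric_keys.c, the queue in ima_queue_or_process_key_for_measurement() grows without bound for as long as ima_initialized stays false, and nothing ever drains or frees it if ima_init() fails (see the ima_fs_init() error return in PATCH 07/10), so every asymmetric key created for the lifetime of such a system costs a kzalloc'd copy of its public key that is never released; either free the pending entries and stop queuing once initialization has definitively failed, or cap the queue. Two smaller points in the same file: ima_alloc_measure_key_entry() re-implements `kmemdup(pk->key, pk->keylen, GFP_KERNEL)` and `kstrdup(keyring->description, GFP_KERNEL)` by hand with separate kzalloc/memcpy/strcpy calls, and the `rc` juggling with `goto out` can collapse to a single NULL check if those helpers are used; and in the initialized branch process_buffer_measurement() (which may extend a TPM PCR) runs with ima_measure_keys_mutex held, serializing every key measurement behind the queue lock when only the flag test and the list insertion need it. The `if (entry != NULL) { ... } else rc = -ENOMEM;` form should brace both branches per the coding style.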
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 09/10] IMA: Call queue and dequeue functions to measure keys Date: Wed, 6 Nov 2019 11:01:15 -0800 Message-Id: <20191106190116.2578-10-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Keys should be queued for measurement if IMA is not yet initialized. Keys queued for measurement, if any, need to be processed when IMA initialization is completed. This patch updates the IMA hook for key_create_or_update to call ima_queue_or_process_key_for_measurement() and adds the call to process queued keys upon IMA initialization completion. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima_init.c | 1 + security/integrity/ima/ima_main.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index a810af6df587..74817a9f78e5 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -137,6 +137,7 @@ int __init ima_init(void) return rc; ima_initialized = true; + ima_measure_queued_keys(); return 0; } diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 56540357c854..8733990867f2 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -757,7 +757,7 @@ void ima_post_key_create_or_update(struct key *keyring, struct key *key, unsigned long flags, bool create) { if ((keyring != NULL) && (key != NULL)) - return; + ima_queue_or_process_key_for_measurement(keyring, key); } static int __init init_ima(void)
From patchwork Wed Nov 6 19:01:16 2019 X-Patchwork-Submitter: Lakshmi Ramasubramanian X-Patchwork-Id: 11230857
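Review bot: in the ima_init() hunk of PATCH 09/10 (@@ -137 of ima_init.c), `ima_initialized = true` is stored outside ima_measure_keys_mutex while ima_queue_or_process_key_for_measurement() reads it under that mutex, so a key created between the store and the drain is measured directly while keys queued earlier are still pending, and the measurement list no longer reflects key creation order around the init boundary. Flip the flag inside ima_measure_queued_keys() after the list is drained (still under the mutex), or state in the commit message that ordering across initialization is not guaranteed.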
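Review bot: in the ima_post_key_create_or_update() hunk (@@ -757 of ima_main.c), the return value of ima_queue_or_process_key_for_measurement(), which is -ENOMEM when a key could not be queued, is discarded, so a key silently goes unmeasured with no log or audit record; either report the failure here (pr_warn or an integrity audit message) or make the callee void if failure is intentionally ignored. The `flags` and `create` parameters are also unused in this function and in the callee; if no later patch consumes them, drop them from the hook signature.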
From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, dhowells@redhat.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4 10/10] KEYS: Call the IMA hook to measure key when a new key is created or an existing key is updated Date: Wed, 6 Nov 2019 11:01:16 -0800 Message-Id: <20191106190116.2578-11-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191106190116.2578-1-nramas@linux.microsoft.com> References: <20191106190116.2578-1-nramas@linux.microsoft.com> Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org key_create_or_update function needs to call the IMA hook to measure the key when a new key is created or an existing key is updated. This patch adds the call to the IMA hook from key_create_or_update function. Signed-off-by: Lakshmi Ramasubramanian --- include/linux/ima.h | 8 ++++++++ security/keys/key.c | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/include/linux/ima.h b/include/linux/ima.h index 6d904754d858..069879242a15 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -24,6 +24,9 @@ extern int ima_post_read_file(struct file *file, void *buf, loff_t size, enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); extern void ima_kexec_cmdline(const void *buf, int size); +extern void ima_post_key_create_or_update(struct key *keyring, + struct key *key, + unsigned long flags, bool create); #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); 
@@ -92,6 +95,11 @@ static inline void ima_post_path_mknod(struct dentry *dentry) } static inline void ima_kexec_cmdline(const void *buf, int size) {} + +static inline void ima_post_key_create_or_update(struct key *keyring, + struct key *key, + unsigned long flags, + bool create) {} #endif /* CONFIG_IMA */ #ifndef CONFIG_IMA_KEXEC diff --git a/security/keys/key.c b/security/keys/key.c index 764f4c57913e..9782d4d046fd 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #include "internal.h" @@ -936,6 +937,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_link_end; } + /* let the ima module know about the created key. */ + ima_post_key_create_or_update(keyring, key, flags, true); + key_ref = make_key_ref(key, is_key_possessed(keyring_ref)); error_link_end: @@ -965,6 +969,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, } key_ref = __key_update(key_ref, &prep); + + /* let the ima module know about the updated key. */ + if (!IS_ERR(key_ref)) + ima_post_key_create_or_update(keyring, key, flags, false); + goto error_free_prep; } EXPORT_SYMBOL(key_create_or_update);
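Review bot: in the include/linux/ima.h hunk (@@ -24), the new prototype takes `struct key *` but the hunk adds neither a `struct key;` forward declaration nor an include of <linux/key.h>; unless an existing include in that header already provides the type, every file that includes <linux/ima.h> without <linux/key.h> will now fail to compile. A one-line `struct key;` forward declaration next to the prototype is the safe fix.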
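Review bot: in the key_create_or_update() create-path hunk (@@ -936 of key.c), the hook is called before the `error_link_end:` label, i.e. while the keyring is still held between __key_link_begin() and __key_link_end(), whereas the update-path hunk (@@ -965) invokes it after that lock has been released; the IMA side takes ima_measure_keys_mutex, allocates with GFP_KERNEL and may extend a TPM PCR, which is a lot to do under the keyring semaphore. Either move the create-path call after __key_link_end() (checking key_ref with IS_ERR as the update path does) or state in the commit message why it must run with the link held. Style: the comments say "ima module"; the subsystem is written "IMA" elsewhere in these patches.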