aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMimi Zohar2012-06-20 08:32:55 -0500
committerMimi Zohar2012-07-02 15:43:29 -0500
commit08e1b76ae399a010c0d0916b125d75aed6961d16 (patch)
tree88806da1802a75d3edbb46436bb509150177eb76 /security/integrity
parent659b5e76521c10331495cbd9acb7217e38ff9750 (diff)
downloadam43-linux-kernel-08e1b76ae399a010c0d0916b125d75aed6961d16.tar.gz
am43-linux-kernel-08e1b76ae399a010c0d0916b125d75aed6961d16.tar.xz
am43-linux-kernel-08e1b76ae399a010c0d0916b125d75aed6961d16.zip
ima: use full pathnames in measurement list
The IMA measurement list contains filename hints, which can be ambigious without the full pathname. This patch replaces the filename hint with the full pathname, simplifying for userspace the correlating of file hash measurements with files. Change log v1: - Revert to short filenames, when full pathname is longer than IMA measurement buffer size. (Based on Dmitry's review) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_api.c4
-rw-r--r--security/integrity/ima/ima_main.c42
2 files changed, 39 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 88a2788b981..032ff03ad90 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -175,7 +175,9 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
175 } 175 }
176 memset(&entry->template, 0, sizeof(entry->template)); 176 memset(&entry->template, 0, sizeof(entry->template));
177 memcpy(entry->template.digest, iint->digest, IMA_DIGEST_SIZE); 177 memcpy(entry->template.digest, iint->digest, IMA_DIGEST_SIZE);
178 strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX); 178 strcpy(entry->template.file_name,
179 (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ?
180 file->f_dentry->d_name.name : filename);
179 181
180 result = ima_store_template(entry, violation, inode); 182 result = ima_store_template(entry, violation, inode);
181 if (!result || result == -EEXIST) 183 if (!result || result == -EEXIST)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index b17be79b9cf..a0e631a1905 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -54,6 +54,7 @@ static void ima_rdwr_violation_check(struct file *file)
54 fmode_t mode = file->f_mode; 54 fmode_t mode = file->f_mode;
55 int rc; 55 int rc;
56 bool send_tomtou = false, send_writers = false; 56 bool send_tomtou = false, send_writers = false;
57 unsigned char *pathname = NULL, *pathbuf = NULL;
57 58
58 if (!S_ISREG(inode->i_mode) || !ima_initialized) 59 if (!S_ISREG(inode->i_mode) || !ima_initialized)
59 return; 60 return;
@@ -75,12 +76,27 @@ static void ima_rdwr_violation_check(struct file *file)
75out: 76out:
76 mutex_unlock(&inode->i_mutex); 77 mutex_unlock(&inode->i_mutex);
77 78
79 if (!send_tomtou && !send_writers)
80 return;
81
82 /* We will allow 11 spaces for ' (deleted)' to be appended */
83 pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
84 if (pathbuf) {
85 pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11);
86 if (IS_ERR(pathname))
87 pathname = NULL;
88 else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
89 pathname = NULL;
90 }
78 if (send_tomtou) 91 if (send_tomtou)
79 ima_add_violation(inode, dentry->d_name.name, "invalid_pcr", 92 ima_add_violation(inode,
80 "ToMToU"); 93 !pathname ? dentry->d_name.name : pathname,
94 "invalid_pcr", "ToMToU");
81 if (send_writers) 95 if (send_writers)
82 ima_add_violation(inode, dentry->d_name.name, "invalid_pcr", 96 ima_add_violation(inode,
83 "open_writers"); 97 !pathname ? dentry->d_name.name : pathname,
98 "invalid_pcr", "open_writers");
99 kfree(pathbuf);
84} 100}
85 101
86static void ima_check_last_writer(struct integrity_iint_cache *iint, 102static void ima_check_last_writer(struct integrity_iint_cache *iint,
@@ -123,6 +139,7 @@ static int process_measurement(struct file *file, const unsigned char *filename,
123{ 139{
124 struct inode *inode = file->f_dentry->d_inode; 140 struct inode *inode = file->f_dentry->d_inode;
125 struct integrity_iint_cache *iint; 141 struct integrity_iint_cache *iint;
142 unsigned char *pathname = NULL, *pathbuf = NULL;
126 int rc = 0; 143 int rc = 0;
127 144
128 if (!ima_initialized || !S_ISREG(inode->i_mode)) 145 if (!ima_initialized || !S_ISREG(inode->i_mode))
@@ -147,8 +164,21 @@ retry:
147 goto out; 164 goto out;
148 165
149 rc = ima_collect_measurement(iint, file); 166 rc = ima_collect_measurement(iint, file);
150 if (!rc) 167 if (rc != 0)
151 ima_store_measurement(iint, file, filename); 168 goto out;
169
170 if (function != BPRM_CHECK) {
171 /* We will allow 11 spaces for ' (deleted)' to be appended */
172 pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
173 if (pathbuf) {
174 pathname =
175 d_path(&file->f_path, pathbuf, PATH_MAX + 11);
176 if (IS_ERR(pathname))
177 pathname = NULL;
178 }
179 }
180 ima_store_measurement(iint, file, !pathname ? filename : pathname);
181 kfree(pathbuf);
152out: 182out:
153 mutex_unlock(&iint->mutex); 183 mutex_unlock(&iint->mutex);
154 return rc; 184 return rc;