Blame - security/integrity/ima/ima_template.c - SHIFTPHONES/mainline/linux

blob: b7b359ca39ee12017a0721f011558314c84c9153 [file] [log] [blame]

Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	1	/*
				2	* Copyright (C) 2013 Politecnico di Torino, Italy
				3	* TORSEC group -- http://security.polito.it
				4	*
				5	* Author: Roberto Sassu <roberto.sassu@polito.it>
				6	*
				7	* This program is free software; you can redistribute it and/or
				8	* modify it under the terms of the GNU General Public License as
				9	* published by the Free Software Foundation, version 2 of the
				10	* License.
				11	*
				12	* File: ima_template.c
				13	* Helpers to manage template descriptors.
				14	*/
Joe Perches	20ee451	2014-02-24 13:59:56 -0800	[diff] [blame]	15
				16	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
				17
Roberto Sassu	9b9d4ce	2013-06-07 12:16:35 +0200	[diff] [blame]	18	#include <crypto/hash_info.h>
				19
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	20	#include "ima.h"
Roberto Sassu	3ce1217d	2013-06-07 12:16:30 +0200	[diff] [blame]	21	#include "ima_template_lib.h"
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	22
				23	static struct ima_template_desc defined_templates[] = {
Roberto Sassu	4d7aeee7	2013-06-07 12:16:32 +0200	[diff] [blame]	24	{.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
Dmitry Kasatkin	2bb930a	2014-03-04 18:04:20 +0200	[diff] [blame]	25	{.name = "ima-ng", .fmt = "d-ng\|n-ng"},
				26	{.name = "ima-sig", .fmt = "d-ng\|n-ng\|sig"},
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	27	};
				28
				29	static struct ima_template_field supported_fields[] = {
Dmitry Kasatkin	2bb930a	2014-03-04 18:04:20 +0200	[diff] [blame]	30	{.field_id = "d", .field_init = ima_eventdigest_init,
Roberto Sassu	3ce1217d	2013-06-07 12:16:30 +0200	[diff] [blame]	31	.field_show = ima_show_template_digest},
Dmitry Kasatkin	2bb930a	2014-03-04 18:04:20 +0200	[diff] [blame]	32	{.field_id = "n", .field_init = ima_eventname_init,
Roberto Sassu	3ce1217d	2013-06-07 12:16:30 +0200	[diff] [blame]	33	.field_show = ima_show_template_string},
Dmitry Kasatkin	2bb930a	2014-03-04 18:04:20 +0200	[diff] [blame]	34	{.field_id = "d-ng", .field_init = ima_eventdigest_ng_init,
Roberto Sassu	4d7aeee7	2013-06-07 12:16:32 +0200	[diff] [blame]	35	.field_show = ima_show_template_digest_ng},
Dmitry Kasatkin	2bb930a	2014-03-04 18:04:20 +0200	[diff] [blame]	36	{.field_id = "n-ng", .field_init = ima_eventname_ng_init,
Roberto Sassu	4d7aeee7	2013-06-07 12:16:32 +0200	[diff] [blame]	37	.field_show = ima_show_template_string},
Dmitry Kasatkin	2bb930a	2014-03-04 18:04:20 +0200	[diff] [blame]	38	{.field_id = "sig", .field_init = ima_eventsig_init,
Mimi Zohar	bcbc9b0c	2013-07-23 11:15:00 -0400	[diff] [blame]	39	.field_show = ima_show_template_sig},
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	40	};
				41
Roberto Sassu	a71dc65	2013-06-07 12:16:33 +0200	[diff] [blame]	42	static struct ima_template_desc *ima_template;
Roberto Sassu	9b9d4ce	2013-06-07 12:16:35 +0200	[diff] [blame]	43	static struct ima_template_desc lookup_template_desc(const char name);
				44
				45	static int __init ima_template_setup(char *str)
				46	{
				47	struct ima_template_desc *template_desc;
				48	int template_len = strlen(str);
				49
				50	/*
				51	* Verify that a template with the supplied name exists.
				52	* If not, use CONFIG_IMA_DEFAULT_TEMPLATE.
				53	*/
				54	template_desc = lookup_template_desc(str);
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	55	if (!template_desc) {
				56	pr_err("template %s not found, using %s\n",
				57	str, CONFIG_IMA_DEFAULT_TEMPLATE);
Roberto Sassu	9b9d4ce	2013-06-07 12:16:35 +0200	[diff] [blame]	58	return 1;
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	59	}
Roberto Sassu	9b9d4ce	2013-06-07 12:16:35 +0200	[diff] [blame]	60
				61	/*
				62	* Verify whether the current hash algorithm is supported
				63	* by the 'ima' template.
				64	*/
				65	if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 &&
				66	ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) {
Joe Perches	20ee451	2014-02-24 13:59:56 -0800	[diff] [blame]	67	pr_err("template does not support hash alg\n");
Roberto Sassu	9b9d4ce	2013-06-07 12:16:35 +0200	[diff] [blame]	68	return 1;
				69	}
				70
				71	ima_template = template_desc;
				72	return 1;
				73	}
				74	__setup("ima_template=", ima_template_setup);
Roberto Sassu	a71dc65	2013-06-07 12:16:33 +0200	[diff] [blame]	75
				76	static struct ima_template_desc lookup_template_desc(const char name)
				77	{
				78	int i;
				79
				80	for (i = 0; i < ARRAY_SIZE(defined_templates); i++) {
				81	if (strcmp(defined_templates[i].name, name) == 0)
				82	return defined_templates + i;
				83	}
				84
				85	return NULL;
				86	}
				87
Roberto Sassu	3ce1217d	2013-06-07 12:16:30 +0200	[diff] [blame]	88	static struct ima_template_field lookup_template_field(const char field_id)
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	89	{
				90	int i;
				91
				92	for (i = 0; i < ARRAY_SIZE(supported_fields); i++)
				93	if (strncmp(supported_fields[i].field_id, field_id,
				94	IMA_TEMPLATE_FIELD_ID_MAX_LEN) == 0)
				95	return &supported_fields[i];
				96	return NULL;
				97	}
				98
Roberto Sassu	dbc335d	2013-11-25 20:18:52 +0100	[diff] [blame]	99	static int template_fmt_size(const char *template_fmt)
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	100	{
				101	char c;
				102	int template_fmt_len = strlen(template_fmt);
				103	int i = 0, j = 0;
				104
				105	while (i < template_fmt_len) {
				106	c = template_fmt[i];
				107	if (c == '\|')
				108	j++;
				109	i++;
				110	}
				111
				112	return j + 1;
				113	}
				114
Roberto Sassu	dbc335d	2013-11-25 20:18:52 +0100	[diff] [blame]	115	static int template_desc_init_fields(const char *template_fmt,
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	116	struct ima_template_field ***fields,
				117	int *num_fields)
				118	{
Roberto Sassu	af91706	2013-11-27 14:40:41 +0100	[diff] [blame]	119	char c, template_fmt_copy, *template_fmt_ptr;
Roberto Sassu	3ce1217d	2013-06-07 12:16:30 +0200	[diff] [blame]	120	int template_num_fields = template_fmt_size(template_fmt);
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	121	int i, result = 0;
				122
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	123	if (template_num_fields > IMA_TEMPLATE_NUM_FIELDS_MAX) {
				124	pr_err("format string '%s' contains too many fields\n",
				125	template_fmt);
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	126	return -EINVAL;
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	127	}
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	128
Roberto Sassu	dbc335d	2013-11-25 20:18:52 +0100	[diff] [blame]	129	/* copying is needed as strsep() modifies the original buffer */
				130	template_fmt_copy = kstrdup(template_fmt, GFP_KERNEL);
				131	if (template_fmt_copy == NULL)
				132	return -ENOMEM;
				133
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	134	fields = kzalloc(template_num_fields sizeof(*fields), GFP_KERNEL);
				135	if (*fields == NULL) {
				136	result = -ENOMEM;
				137	goto out;
				138	}
Roberto Sassu	af91706	2013-11-27 14:40:41 +0100	[diff] [blame]	139
				140	template_fmt_ptr = template_fmt_copy;
				141	for (i = 0; (c = strsep(&template_fmt_ptr, "\|")) != NULL &&
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	142	i < template_num_fields; i++) {
Roberto Sassu	3ce1217d	2013-06-07 12:16:30 +0200	[diff] [blame]	143	struct ima_template_field *f = lookup_template_field(c);
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	144
				145	if (!f) {
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	146	pr_err("field '%s' not found\n", c);
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	147	result = -ENOENT;
				148	goto out;
				149	}
				150	(*fields)[i] = f;
				151	}
				152	*num_fields = i;
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	153	out:
Roberto Sassu	dbc335d	2013-11-25 20:18:52 +0100	[diff] [blame]	154	if (result < 0) {
				155	kfree(*fields);
				156	*fields = NULL;
				157	}
				158	kfree(template_fmt_copy);
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	159	return result;
				160	}
				161
Roberto Sassu	a71dc65	2013-06-07 12:16:33 +0200	[diff] [blame]	162	struct ima_template_desc *ima_template_desc_current(void)
				163	{
				164	if (!ima_template)
Mimi Zohar	4286587	2013-06-07 12:16:34 +0200	[diff] [blame]	165	ima_template =
				166	lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE);
Roberto Sassu	a71dc65	2013-06-07 12:16:33 +0200	[diff] [blame]	167	return ima_template;
				168	}
				169
Dmitry Kasatkin	e4a9c51	2014-09-03 10:19:58 +0300	[diff] [blame]	170	int __init ima_init_template(void)
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	171	{
Dmitry Kasatkin	b4148db	2014-05-08 11:23:53 +0300	[diff] [blame]	172	struct ima_template_desc *template = ima_template_desc_current();
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	173	int result;
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	174
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	175	result = template_desc_init_fields(template->fmt,
				176	&(template->fields),
				177	&(template->num_fields));
				178	if (result < 0)
Roberto Sassu	7dbdb42	2014-10-13 14:08:39 +0200	[diff] [blame^]	179	pr_err("template %s init failed, result: %d\n",
				180	(strlen(template->name) ?
				181	template->name : template->fmt), result);
Roberto Sassu	71fed2e	2014-10-13 14:08:38 +0200	[diff] [blame]	182
				183	return result;
Roberto Sassu	adf53a7	2013-06-07 12:16:29 +0200	[diff] [blame]	184	}