projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a49f0d1)
ima: fallback to MODULE_SIG_ENFORCE for existing kernel module syscall
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 21 Dec 2012 13:34:21 +0000 (08:34 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Mon, 24 Dec 2012 14:35:48 +0000 (09:35 -0500)
The new kernel module syscall appraises kernel modules based
on policy.   If the IMA policy requires kernel module checking,
fallback to module signature enforcing for the existing syscall.
Without CONFIG_MODULE_SIG_FORCE enabled, the kernel module's
integrity is unknown, return -EACCES.

Changelog v1:
- Fix ima_module_check() return result (Tetsuo Handa)

Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
security/integrity/ima/ima.h patch | blob | history
security/integrity/ima/ima_main.c patch | blob | history
security/integrity/ima/ima_policy.c patch | blob | history

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3b2adb794f15506311a52b2ec5442297907ee8e2..079a85dc37b2ba9fd7d649a1a0da0e2843a9252c 100644 (file)
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -139,6 +139,7 @@ void ima_delete_rules(void);
 /* Appraise integrity measurements */
 #define IMA_APPRAISE_ENFORCE   0x01
 #define IMA_APPRAISE_FIX       0x02
+#define IMA_APPRAISE_MODULES   0x04
 
 #ifdef CONFIG_IMA_APPRAISE
 int ima_appraise_measurement(struct integrity_iint_cache *iint,
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 45de18e9a6f224aac3b90512fb1e4b6453b795be..dba965de90d3f838c82e1a93202bf585fa1e5cd6 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check);
  */
 int ima_module_check(struct file *file)
 {
-       int rc;
+       int rc = 0;
 
-       if (!file)
-               rc = INTEGRITY_UNKNOWN;
-       else
+       if (!file) {
+               if (ima_appraise & IMA_APPRAISE_MODULES) {
+#ifndef CONFIG_MODULE_SIG_FORCE
+                       rc = -EACCES;   /* INTEGRITY_UNKNOWN */
+#endif
+               }
+       } else
                rc = process_measurement(file, file->f_dentry->d_name.name,
                                         MAY_EXEC, MODULE_CHECK);
        return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index af7d182d5a46123ca9308cf2e231f006aa71215d..479fca940bb5552df6591723f09408c3325054f0 100644 (file)
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -523,7 +523,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
        }
        if (!result && (entry->action == UNKNOWN))
                result = -EINVAL;
-
+       else if (entry->func == MODULE_CHECK)
+               ima_appraise |= IMA_APPRAISE_MODULES;
        audit_log_format(ab, "res=%d", !result);
        audit_log_end(ab);
        return result;
John Crispins staging tree