
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. /*
  3. * Copyright (C) 2010 IBM Corporation
  4. *
  5. * Authors:
  6. * Mimi Zohar <zohar@us.ibm.com>
  7. *
  8. * File: evm_secfs.c
  9. * - Used to signal when key is on keyring
  10. * - Get the key and enable EVM
  11. */
  12. #include <linux/audit.h>
  13. #include <linux/uaccess.h>
  14. #include <linux/init.h>
  15. #include <linux/mutex.h>
  16. #include "evm.h"
/* <securityfs>/integrity/evm: parent of the "evm" and "evm_xattrs" files. */
static struct dentry *evm_dir;
/* Legacy top-level <securityfs>/evm symlink pointing at integrity/evm/evm. */
static struct dentry *evm_symlink;
#ifdef CONFIG_EVM_ADD_XATTRS
/* The "evm_xattrs" file; its mode is dropped to 0440 once the list is locked. */
static struct dentry *evm_xattrs;
/*
 * Serialises evm_read_xattrs() against additions made in
 * evm_write_xattrs(); other readers of evm_config_xattrnames walk
 * the list lockless (entries are never removed).
 */
static DEFINE_MUTEX(xattr_list_mutex);
/* Set, and never cleared, when "." is written to evm_xattrs; later writes get -EPERM. */
static int evm_xattrs_locked;
#endif
/**
 * evm_read_key - read() for <securityfs>/evm
 * @filp: file pointer, unused
 * @buf: user buffer receiving the decimal flag value
 * @count: size of @buf
 * @ppos: file offset; anything other than 0 reads as EOF
 *
 * Reports evm_initialized as a decimal integer. The internal
 * EVM_SETUP_COMPLETE latch is masked out, so only the bits that can be
 * requested through evm_write_key() are shown.
 *
 * Returns the number of bytes copied to @buf or a negative error code.
 */
static ssize_t evm_read_key(struct file *filp, char __user *buf,
			    size_t count, loff_t *ppos)
{
	char flags[80];
	int len;

	/* Single-shot read: a non-zero offset means EOF. */
	if (*ppos)
		return 0;

	/* An int never needs more than a dozen characters, so this cannot truncate. */
	len = snprintf(flags, sizeof(flags), "%d",
		       evm_initialized & ~EVM_SETUP_COMPLETE);

	return simple_read_from_buffer(buf, count, ppos, flags, len);
}
/**
 * evm_write_key - write() for <securityfs>/evm
 * @file: file pointer, unused
 * @buf: user buffer holding the flag value, parsed with base 0
 * @count: bytes in @buf
 * @ppos: file offset, unused
 *
 * Lets a CAP_SYS_ADMIN caller enable EVM features by OR-ing EVM_INIT_*
 * bits into evm_initialized. Bits only ever accumulate through this
 * interface; the single exception is EVM_ALLOW_METADATA_WRITES, which is
 * cleared whenever an HMAC key is present. Requesting EVM_INIT_HMAC loads
 * the symmetric key via evm_init_key() and latches EVM_SETUP_COMPLETE,
 * after which every further write is refused with -EPERM. Note that
 * without an HMAC key request nothing latches, so the interface stays
 * writable for adding further bits.
 *
 * Returns @count on success; -EPERM when the caller lacks CAP_SYS_ADMIN,
 * setup is already complete, or metadata writes are requested while an
 * HMAC key is loaded; -EINVAL for zero or for bits outside EVM_INIT_MASK;
 * otherwise the error from parsing the value or from evm_init_key().
 */
static ssize_t evm_write_key(struct file *file, const char __user *buf,
			     size_t count, loff_t *ppos)
{
	unsigned int flags;
	int err;

	/* Privilege check first, before any user data is touched. */
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;
	/* Once the symmetric key is loaded the interface is sealed. */
	if (evm_initialized & EVM_SETUP_COMPLETE)
		return -EPERM;

	err = kstrtouint_from_user(buf, count, 0, &flags);
	if (err)
		return err;

	/* Zero and any bit outside EVM_INIT_MASK are rejected. */
	if (flags == 0 || (flags & ~EVM_INIT_MASK))
		return -EINVAL;

	/* Metadata writes cannot be (re)enabled while an HMAC key exists. */
	if ((flags & EVM_ALLOW_METADATA_WRITES) &&
	    (evm_initialized & EVM_INIT_HMAC))
		return -EPERM;

	if (flags & EVM_INIT_HMAC) {
		err = evm_init_key();
		if (err)
			return err;
		/* Seal the interface in the same update that records the key. */
		flags |= EVM_SETUP_COMPLETE;
	}

	evm_initialized |= flags;

	/* An HMAC key always overrides a previously set metadata-writes bit. */
	if (evm_initialized & EVM_INIT_HMAC)
		evm_initialized &= ~EVM_ALLOW_METADATA_WRITES;

	return count;
}
/* <securityfs>/evm: read reports the flags, write ORs new ones in. */
static const struct file_operations evm_key_ops = {
	.write	= evm_write_key,
	.read	= evm_read_key,
};
  96. #ifdef CONFIG_EVM_ADD_XATTRS
/**
 * evm_read_xattrs - read() for <securityfs>/evm_xattrs
 * @filp: file pointer, unused
 * @buf: user buffer receiving the list
 * @count: size of @buf
 * @ppos: file offset; anything other than 0 reads as EOF
 *
 * Emits every enabled entry of evm_config_xattrnames, one name per line.
 * The list is walked under xattr_list_mutex, once to size the output and
 * once to fill it; evm_write_xattrs() adds and re-enables entries under
 * the same mutex, so the set seen by both passes is the same.
 *
 * Returns the number of bytes copied, -ERESTARTSYS if the wait for the
 * mutex was interrupted, or -ENOMEM.
 */
static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
			       size_t count, loff_t *ppos)
{
	struct xattr_list *entry;
	char *out;
	size_t total = 0, pos = 0;
	ssize_t rc;

	if (*ppos)
		return 0;

	if (mutex_lock_interruptible(&xattr_list_mutex))
		return -ERESTARTSYS;

	/* Pass 1: one "name\n" line per enabled entry. */
	list_for_each_entry(entry, &evm_config_xattrnames, list) {
		if (entry->enabled)
			total += strlen(entry->name) + 1;
	}

	/* +1 for the terminating NUL. */
	out = kmalloc(total + 1, GFP_KERNEL);
	if (!out) {
		mutex_unlock(&xattr_list_mutex);
		return -ENOMEM;
	}

	/* Pass 2: copy the names; each write is bounded by the length counted above. */
	list_for_each_entry(entry, &evm_config_xattrnames, list) {
		size_t len;

		if (!entry->enabled)
			continue;
		len = strlen(entry->name);
		memcpy(out + pos, entry->name, len);
		out[pos + len] = '\n';
		pos += len + 1;
	}
	out[pos] = '\0';
	mutex_unlock(&xattr_list_mutex);

	rc = simple_read_from_buffer(buf, count, ppos, out, pos);
	kfree(out);
	return rc;
}
/**
 * evm_write_xattrs - write() for <securityfs>/evm_xattrs
 * @file: file pointer, not actually used
 * @buf: user buffer holding one xattr name, optionally newline-terminated
 * @count: bytes in @buf; must not exceed XATTR_NAME_MAX
 * @ppos: file offset; must be 0
 *
 * Adds an XATTR_SECURITY_PREFIX-qualified name to evm_config_xattrnames,
 * the set of extended attributes EVM protects, or re-enables an existing
 * entry of that name that is currently disabled. Writing "." locks the
 * list: evm_xattrs_locked is set so later writes fail with -EPERM even on
 * an already-open descriptor, and the file mode is dropped to 0440.
 * Entries are only ever added, never removed (see the comment before the
 * list walk). Every attempt is recorded as an AUDIT_INTEGRITY_EVM_XATTR
 * event carrying the (untrusted) name and the result.
 *
 * Returns @count on success; -EPERM without CAP_SYS_ADMIN or once locked;
 * -EINVAL for a non-zero offset or a name outside XATTR_SECURITY_PREFIX;
 * -E2BIG when @count exceeds XATTR_NAME_MAX; -EEXIST when the name is
 * already present and enabled; -ENOMEM; or the error from copying the
 * name or from simple_setattr().
 */
static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
				size_t count, loff_t *ppos)
{
	int len, err;
	struct xattr_list *xattr, *tmp;
	struct audit_buffer *ab;
	struct iattr newattrs;
	struct inode *inode;

	/*
	 * evm_xattrs_locked is checked here rather than relying on the
	 * 0440 mode alone: a descriptor opened for writing before the
	 * lock would otherwise still get through.
	 */
	if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked)
		return -EPERM;

	if (*ppos != 0)
		return -EINVAL;

	/* Bounds the memdup_user_nul() allocation below. */
	if (count > XATTR_NAME_MAX)
		return -E2BIG;

	/*
	 * A NULL buffer is only fatal when auditing is built in; with
	 * CONFIG_AUDIT off the audit_log_* calls below are expected to
	 * accept NULL.
	 */
	ab = audit_log_start(audit_context(), GFP_KERNEL,
			     AUDIT_INTEGRITY_EVM_XATTR);
	if (!ab && IS_ENABLED(CONFIG_AUDIT))
		return -ENOMEM;

	xattr = kmalloc_obj(struct xattr_list);
	if (!xattr) {
		err = -ENOMEM;
		goto out;
	}

	xattr->enabled = true;
	/* The strlen()/strcmp() calls below rely on this copy being NUL-terminated. */
	xattr->name = memdup_user_nul(buf, count);
	if (IS_ERR(xattr->name)) {
		err = PTR_ERR(xattr->name);
		/* Cleared so the cleanup path does not kfree() an ERR_PTR. */
		xattr->name = NULL;
		goto out;
	}

	/* Remove any trailing newline */
	len = strlen(xattr->name);
	if (len && xattr->name[len-1] == '\n')
		xattr->name[len-1] = '\0';

	/* The name is user-controlled: log it through the escaping helper. */
	audit_log_format(ab, "xattr=");
	audit_log_untrustedstring(ab, xattr->name);

	if (strcmp(xattr->name, ".") == 0) {
		/*
		 * Lock the list. The flag is set before the mode change, so
		 * the interface stays sealed even if simple_setattr() fails.
		 */
		evm_xattrs_locked = 1;
		newattrs.ia_mode = S_IFREG | 0440;
		newattrs.ia_valid = ATTR_MODE;
		inode = evm_xattrs->d_inode;
		inode_lock(inode);
		err = simple_setattr(&nop_mnt_idmap, evm_xattrs, &newattrs);
		inode_unlock(inode);
		if (!err)
			err = count;
		goto out;
	}

	/* Only names inside the security namespace may be EVM-protected. */
	if (strncmp(xattr->name, XATTR_SECURITY_PREFIX,
		    XATTR_SECURITY_PREFIX_LEN) != 0) {
		err = -EINVAL;
		goto out;
	}

	/*
	 * xattr_list_mutex guards against races in evm_read_xattrs().
	 * Entries are only added to the evm_config_xattrnames list
	 * and never deleted. Therefore, the list is traversed
	 * using list_for_each_entry_lockless() without holding
	 * the mutex in evm_calc_hmac_or_hash(), evm_find_protected_xattrs()
	 * and evm_protected_xattr().
	 *
	 * NOTE(review): evm_xattrs_locked is read at the top and set in
	 * the "." path without this mutex, so a second CAP_SYS_ADMIN
	 * writer that has already passed the check could still add an
	 * entry after a lock request was accepted. Both sides need
	 * CAP_SYS_ADMIN; confirm whether that window matters.
	 */
	mutex_lock(&xattr_list_mutex);
	list_for_each_entry(tmp, &evm_config_xattrnames, list) {
		if (strcmp(xattr->name, tmp->name) == 0) {
			/* Duplicate name: re-enable a disabled entry, else -EEXIST. */
			err = -EEXIST;
			if (!tmp->enabled) {
				tmp->enabled = true;
				err = count;
			}
			mutex_unlock(&xattr_list_mutex);
			goto out;
		}
	}
	/* RCU publish: lockless readers may be walking the list right now. */
	list_add_tail_rcu(&xattr->list, &evm_config_xattrnames);
	mutex_unlock(&xattr_list_mutex);

	audit_log_format(ab, " res=0");
	audit_log_end(ab);
	return count;
out:
	/* Success values (@count) are logged as res=0; errors keep their errno. */
	audit_log_format(ab, " res=%d", (err < 0) ? err : 0);
	audit_log_end(ab);
	/* None of the paths reaching here published @xattr, so free it. */
	if (xattr) {
		kfree(xattr->name);
		kfree(xattr);
	}
	return err;
}
/* <securityfs>/evm_xattrs: read lists protected names, write adds or locks. */
static const struct file_operations evm_xattr_ops = {
	.write	= evm_write_xattrs,
	.read	= evm_read_xattrs,
};
/*
 * Create <securityfs>/integrity/evm/evm_xattrs (mode 0660) under evm_dir.
 * The dentry is kept in evm_xattrs because evm_write_xattrs() later
 * changes its mode when the list is locked. Any failure is reported as
 * -EFAULT; evm_init_secfs() only tests the result for non-zero.
 */
static int evm_init_xattrs(void)
{
	struct dentry *file;

	file = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL,
				      &evm_xattr_ops);
	evm_xattrs = file;

	return IS_ERR(file) ? -EFAULT : 0;
}
  248. #else
/* CONFIG_EVM_ADD_XATTRS is off: there is no evm_xattrs file to create. */
static int evm_init_xattrs(void)
{
	return 0;
}
  253. #endif
/**
 * evm_init_secfs - create the EVM securityfs interface
 *
 * Builds <securityfs>/integrity/evm/ with the "evm" control file (and,
 * with CONFIG_EVM_ADD_XATTRS, "evm_xattrs"), plus the legacy top-level
 * <securityfs>/evm symlink pointing at integrity/evm/evm. The files are
 * created 0660; the CAP_SYS_ADMIN checks live in the write handlers.
 *
 * Every failure is collapsed to -EFAULT, so the underlying errno is not
 * visible to the caller. On failure the symlink, the directory and the
 * integrity fs root are torn down. securityfs_remove() receives whatever
 * evm_symlink/evm_dir hold at that point, including NULL or an ERR_PTR,
 * and the "evm" file is never removed individually — both rely on
 * securityfs_remove() tolerating that; confirm against its definition.
 *
 * Returns 0 on success or -EFAULT.
 */
int __init evm_init_secfs(void)
{
	struct dentry *key_file;
	int err;

	err = integrity_fs_init();
	if (err < 0)
		return -EFAULT;

	/* From here on every failure reports -EFAULT. */
	err = -EFAULT;

	evm_dir = securityfs_create_dir("evm", integrity_dir);
	if (IS_ERR(evm_dir))
		goto fail;

	key_file = securityfs_create_file("evm", 0660, evm_dir, NULL,
					  &evm_key_ops);
	if (IS_ERR(key_file))
		goto fail;

	evm_symlink = securityfs_create_symlink("evm", NULL,
						"integrity/evm/evm", NULL);
	if (IS_ERR(evm_symlink))
		goto fail;

	if (evm_init_xattrs())
		goto fail;

	return 0;

fail:
	securityfs_remove(evm_symlink);
	securityfs_remove(evm_dir);
	integrity_fs_fini();
	return err;
}