Commit 750943a30714b7e9a5a2b0e08eeef7a808b5a869
Committed by
Mimi Zohar
1 parent
def3e8b9ee
ima: remove enforce checking duplication
Based on the IMA appraisal policy, files are appraised. For those files appraised, the IMA hooks return the integrity appraisal result, assuming IMA-appraisal is in enforcing mode. This patch combines both of these criteria (in policy and enforcing file integrity), removing the checking duplication. Changelog v1: - Update hook comments Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Showing 1 changed file with 20 additions and 32 deletions Side-by-side Diff
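--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -208,7 +208,9 @@
 	kfree(pathbuf);
 out:
 	mutex_unlock(&inode->i_mutex);
-	return (rc && must_appraise) ? -EACCES : 0;
+	if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE))
+		return -EACCES;
+	return 0;
 }
 
 /**
@@ -219,19 +221,15 @@
  * Measure files being mmapped executable based on the ima_must_measure()
  * policy decision.
  *
- * Return 0 on success, an error code on failure.
- * (Based on the results of appraise_measurement().)
+ * On success return 0. On integrity appraisal error, assuming the file
+ * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
  */
 int ima_file_mmap(struct file *file, unsigned long prot)
 {
-	int rc = 0;
-
-	if (!file)
-		return 0;
-	if (prot & PROT_EXEC)
-		rc = process_measurement(file, file->f_dentry->d_name.name,
-					 MAY_EXEC, FILE_MMAP);
-	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
+	if (file && (prot & PROT_EXEC))
+		return process_measurement(file, file->f_dentry->d_name.name,
+					   MAY_EXEC, FILE_MMAP);
+	return 0;
 }
 
 /**
@@ -244,18 +242,15 @@
  * So we can be certain that what we verify and measure here is actually
  * what is being executed.
  *
- * Return 0 on success, an error code on failure.
- * (Based on the results of appraise_measurement().)
+ * On success return 0. On integrity appraisal error, assuming the file
+ * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
  */
 int ima_bprm_check(struct linux_binprm *bprm)
 {
-	int rc;
-
-	rc = process_measurement(bprm->file,
+	return process_measurement(bprm->file,
 				 (strcmp(bprm->filename, bprm->interp) == 0) ?
 				 bprm->filename : bprm->interp,
 				 MAY_EXEC, BPRM_CHECK);
-	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
 }
 
 /**
@@ -265,18 +260,15 @@
  *
  * Measure files based on the ima_must_measure() policy decision.
  *
- * Always return 0 and audit dentry_open failures.
- * (Return code will be based upon measurement appraisal.)
+ * On success return 0. On integrity appraisal error, assuming the file
+ * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
  */
 int ima_file_check(struct file *file, int mask)
 {
-	int rc;
-
 	ima_rdwr_violation_check(file);
-	rc = process_measurement(file, file->f_dentry->d_name.name,
+	return process_measurement(file, file->f_dentry->d_name.name,
 				 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
 				 FILE_CHECK);
-	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
 }
 EXPORT_SYMBOL_GPL(ima_file_check);
 
@@ -286,19 +278,15 @@
  *
  * Measure/appraise kernel modules based on policy.
  *
- * Always return 0 and audit dentry_open failures.
- * Return code is based upon measurement appraisal.
+ * On success return 0. On integrity appraisal error, assuming the file
+ * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
  */
 int ima_module_check(struct file *file)
 {
-	int rc;
-
 	if (!file)
-		rc = INTEGRITY_UNKNOWN;
-	else
-		rc = process_measurement(file, file->f_dentry->d_name.name,
-					 MAY_EXEC, MODULE_CHECK);
-	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
+		return -EACCES;	/* INTEGRITY_UNKNOWN */
+	return process_measurement(file, file->f_dentry->d_name.name,
+				   MAY_EXEC, MODULE_CHECK);
 }
 
 static int __init init_ima(void)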
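Review bot: The `!file` branch of ima_module_check in the last hunk now returns -EACCES unconditionally, while every other hook in this commit, and the new header comment directly above the function, gate the denial on `ima_appraise & IMA_APPRAISE_ENFORCE`. Before the change a NULL file was reported as INTEGRITY_UNKNOWN only in enforcing mode and mapped to 0 otherwise, so if some caller still reaches this hook without a file (the old code handled that case explicitly, so presumably one does) a non-enforcing configuration will now refuse that load rather than just log it. Mirroring the rule used at the end of process_measurement keeps the documented contract: `if (!file) return (ima_appraise & IMA_APPRAISE_ENFORCE) ? -EACCES : 0; /* INTEGRITY_UNKNOWN */`. If rejecting the no-file case regardless of mode is intended as fail-closed, the function header should say so, since it currently promises -EACCES only when IMA-appraisal is enforcing.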