Commit 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241

Authored by Mimi Zohar
1 parent bcbc9b0cf6

ima: define '_ima' as a builtin 'trusted' keyring

Require all keys added to the IMA keyring be signed by an
existing trusted key on the system trusted keyring.

Changelog:
- define stub integrity_init_keyring() function (reported-by Fengguang Wu)
- differentiate between regular and trusted keyring names.
- replace printk with pr_info (D. Kasatkin)

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>

Showing 4 changed files with 55 additions and 1 deletions Side-by-side Diff

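--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -13,7 +13,9 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
 #include <linux/err.h>
+#include <linux/sched.h>
 #include <linux/rbtree.h>
+#include <linux/cred.h>
 #include <linux/key-type.h>
 #include <linux/digsig.h>
 
 
 
@@ -21,11 +23,19 @@
 
 static struct key *keyring[INTEGRITY_KEYRING_MAX];
 
+#ifdef CONFIG_IMA_TRUSTED_KEYRING
 static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
+ ".evm",
+ ".module",
+ ".ima",
+};
+#else
+static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
 "_evm",
 "_module",
 "_ima",
 };
+#endif
 
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 const char *digest, int digestlen)
@@ -35,7 +45,7 @@
 
 if (!keyring[id]) {
 keyring[id] =
- request_key(&key_type_keyring, keyring_name[id], NULL);
+ request_key(&key_type_keyring, keyring_name[id], NULL);
 if (IS_ERR(keyring[id])) {
 int err = PTR_ERR(keyring[id]);
 pr_err("no %s keyring: %d\n", keyring_name[id], err);
@@ -55,5 +65,23 @@
 }
 
 return -EOPNOTSUPP;
+}
+
+int integrity_init_keyring(const unsigned int id)
+{
+ const struct cred *cred = current_cred();
+ const struct user_struct *user = cred->user;
+
+ keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
+ KGIDT_INIT(0), cred,
+ ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+ KEY_USR_VIEW | KEY_USR_READ),
+ KEY_ALLOC_NOT_IN_QUOTA, user->uid_keyring);
+ if (!IS_ERR(keyring[id]))
+ set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
+ else
+ pr_info("Can't allocate %s keyring (%ld)\n",
+ keyring_name[id], PTR_ERR(keyring[id]));
+ return 0;
 }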
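Review bot: In `integrity_init_keyring()` the failure branch leaves the `ERR_PTR` returned by `keyring_alloc()` stored in `keyring[id]`, and the function still returns 0. `integrity_digsig_verify()` in the same file only tests `if (!keyring[id])`, so after a failed allocation it would skip `request_key()` and carry on with an error pointer as the keyring (the rest of that function is outside the hunks shown, so the exact use is inferred). The else branch should clear the slot and report the failure: `int err = PTR_ERR(keyring[id]);`, `keyring[id] = NULL;`, `return err;`. `id` is also used as an array index here with no visible check against `INTEGRITY_KEYRING_MAX`.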
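--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -123,4 +123,12 @@
 For more information on integrity appraisal refer to:
 <http://linux-ima.sourceforge.net>
 If unsure, say N.
+
+config IMA_TRUSTED_KEYRING
+ bool "Require all keys on the _ima keyring be signed"
+ depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
+ default y
+ help
+ This option requires that all keys added to the _ima
+ keyring be signed by a key on the system trusted keyring.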
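Review bot: The prompt and help text name the `_ima` keyring, but with this option enabled digsig.c switches to the dot-prefixed names, so the keyring that is actually restricted is `.ima`. Because the option is `default y`, the help should state the name an administrator will see, e.g. `bool "Require all keys on the .ima keyring be signed"`, and say that a key not signed by a key on the system trusted keyring is refused. It would also help to note that the keyring name changes from `_ima` to `.ima`, since existing key-loading scripts presumably reference the old name.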
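--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -381,4 +381,15 @@
 }
 return result;
 }
+
+#ifdef CONFIG_IMA_TRUSTED_KEYRING
+static int __init init_ima_keyring(void)
+{
+ int ret;
+
+ ret = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
+ return 0;
+}
+late_initcall(init_ima_keyring);
+#endif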
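Review bot: `ret` in `init_ima_keyring()` is assigned and never read, so a failure to create the trusted IMA keyring is discarded and the initcall always reports success. Drop the local and propagate the result with `return integrity_init_keyring(INTEGRITY_KEYRING_IMA);`. As committed, `integrity_init_keyring()` itself always returns 0, so this only becomes meaningful once that function reports its allocation error. A one-line comment above the function stating that it creates the trusted `.ima` keyring at late_initcall time would document why the ordering matters.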
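--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -137,11 +137,18 @@
 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
 int asymmetric_verify(struct key *keyring, const char *sig,
 int siglen, const char *data, int datalen);
+
+int integrity_init_keyring(const unsigned int id);
 #else
 static inline int asymmetric_verify(struct key *keyring, const char *sig,
 int siglen, const char *data, int datalen)
 {
 return -EOPNOTSUPP;
+}
+
+static int integrity_init_keyring(const unsigned int id)
+{
+ return 0;
 }
 #endif
 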
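Review bot: The `integrity_init_keyring()` stub in the `#else` branch is plain `static`, unlike the `static inline` `asymmetric_verify()` stub directly above it, so each file that includes this header without calling it gets a defined-but-unused function when CONFIG_INTEGRITY_ASYMMETRIC_KEYS is off. Declare it as `static inline int integrity_init_keyring(const unsigned int id)`. The prototype is guarded by CONFIG_INTEGRITY_ASYMMETRIC_KEYS while the real definition is added to digsig.c; whether digsig.c is built under exactly that option is not visible on this page and should be confirmed, because a mismatch would leave the stub and the real definition conflicting in the same translation unit.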