Commit 217091dd7a7a1bdac027ddb7c5a25f6ac0b8e241
ima: define '_ima' as a builtin 'trusted' keyring
Require all keys added to the IMA keyring be signed by an existing trusted key on the system trusted keyring. Changelog: - define stub integrity_init_keyring() function (reported-by Fengguang Wu) - differentiate between regular and trusted keyring names. - replace printk with pr_info (D. Kasatkin) Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Showing 4 changed files with 55 additions and 1 deletions Side-by-side Diff
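--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -13,7 +13,9 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
 #include <linux/err.h>
+#include <linux/sched.h>
 #include <linux/rbtree.h>
+#include <linux/cred.h>
 #include <linux/key-type.h>
 #include <linux/digsig.h>
 
 
 
@@ -21,11 +23,19 @@
 
 static struct key *keyring[INTEGRITY_KEYRING_MAX];
 
+#ifdef CONFIG_IMA_TRUSTED_KEYRING
 static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
+	".evm",
+	".module",
+	".ima",
+};
+#else
+static const char *keyring_name[INTEGRITY_KEYRING_MAX] = {
 	"_evm",
 	"_module",
 	"_ima",
 };
+#endif
 
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 			    const char *digest, int digestlen)
@@ -35,7 +45,7 @@
 
 	if (!keyring[id]) {
 		keyring[id] =
-			request_key(&key_type_keyring, keyring_name[id], NULL);
+			request_key(&key_type_keyring, keyring_name[id], NULL);
 		if (IS_ERR(keyring[id])) {
 			int err = PTR_ERR(keyring[id]);
 			pr_err("no %s keyring: %d\n", keyring_name[id], err);
@@ -55,5 +65,23 @@
 	}
 
 	return -EOPNOTSUPP;
+}
+
+int integrity_init_keyring(const unsigned int id)
+{
+	const struct cred *cred = current_cred();
+	const struct user_struct *user = cred->user;
+
+	keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
+				    KGIDT_INIT(0), cred,
+				    ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
+				     KEY_USR_VIEW | KEY_USR_READ),
+				    KEY_ALLOC_NOT_IN_QUOTA, user->uid_keyring);
+	if (!IS_ERR(keyring[id]))
+		set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags);
+	else
+		pr_info("Can't allocate %s keyring (%ld)\n",
+			keyring_name[id], PTR_ERR(keyring[id]));
+	return 0;
 }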
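Review bot: In the new integrity_init_keyring() the failure branch leaves keyring[id] holding the ERR_PTR returned by keyring_alloc() and still returns 0, yet integrity_digsig_verify() in the earlier hunk only tests `if (!keyring[id])`, so a non-NULL error pointer would skip the request_key() fallback and be handed on as if it were a valid keyring. The failure branch should clear the slot and report the error, e.g. save `int err = PTR_ERR(keyring[id]);`, then `keyring[id] = NULL;` after the pr_info() and `return err;`, so the initcall in ima_appraise.c can see it. A failed allocation of the trusted keyring is an error condition rather than informational, so pr_err() would fit the existing `pr_err("no %s keyring: %d\n", ...)` style better than pr_info(). The switch to leading-dot names under CONFIG_IMA_TRUSTED_KEYRING presumably relies on the key subsystem reserving '.'-prefixed keyring names from userspace; a one-line comment on the #ifdef stating that, e.g. `/* '.'-prefixed keyrings cannot be created from userspace, so only the kernel can instantiate these */`, would explain why the rename is part of the trust model.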
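--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -123,4 +123,12 @@
 	  For more information on integrity appraisal refer to:
 	  <http://linux-ima.sourceforge.net>
 	  If unsure, say N.
+
+config IMA_TRUSTED_KEYRING
+	bool "Require all keys on the _ima keyring be signed"
+	depends on IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING
+	default y
+	help
+	  This option requires that all keys added to the _ima
+	  keyring be signed by a key on the system trusted keyring.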
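Review bot: The prompt and help text name the keyring `_ima`, but with this option enabled the digsig.c hunk registers the keyrings as `.evm`, `.module` and `.ima` instead, so userspace tooling that adds keys by the old name will no longer find it. Suggest the help text state the rename, e.g. `This option requires that all keys added to the .ima keyring be signed by a key on the system trusted keyring. The keyrings are then named .ima/.evm/.module rather than _ima/_evm/_module.` Since the option is `default y`, that visible change deserves an explicit mention for anyone upgrading a configuration.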
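--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -381,4 +381,15 @@
 	}
 	return result;
 }
+
+#ifdef CONFIG_IMA_TRUSTED_KEYRING
+static int __init init_ima_keyring(void)
+{
+	int ret;
+
+	ret = integrity_init_keyring(INTEGRITY_KEYRING_IMA);
+	return 0;
+}
+late_initcall(init_ima_keyring);
+#endif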
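Review bot: `ret` in init_ima_keyring() is assigned but never read, which trips -Wunused-but-set-variable and, more importantly, discards the result of integrity_init_keyring(). Either drop the local or propagate it: `return integrity_init_keyring(INTEGRITY_KEYRING_IMA);`. As the digsig.c hunk stands, integrity_init_keyring() always returns 0 anyway, so the initcall cannot tell whether the trusted keyring was actually created; if the allocation fails, appraisal presumably continues without any trusted keyring, which deserves at least a comment here explaining that this is the intended failure mode or a louder error.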
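--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -137,11 +137,18 @@
 #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS
 int asymmetric_verify(struct key *keyring, const char *sig,
 		      int siglen, const char *data, int datalen);
+
+int integrity_init_keyring(const unsigned int id);
 #else
 static inline int asymmetric_verify(struct key *keyring, const char *sig,
 				    int siglen, const char *data, int datalen)
 {
 	return -EOPNOTSUPP;
+}
+
+static int integrity_init_keyring(const unsigned int id)
+{
+	return 0;
 }
 #endif
 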
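Review bot: The fallback `integrity_init_keyring()` stub at the end of the hunk is declared `static` rather than `static inline`, unlike the `asymmetric_verify()` stub directly above it; a non-inline static function in a header is emitted in every translation unit that includes integrity.h and warns as defined-but-unused wherever it is not called. Change it to `static inline int integrity_init_keyring(const unsigned int id)`. The real implementation is only declared under CONFIG_INTEGRITY_ASYMMETRIC_KEYS, while the caller added in ima_appraise.c is guarded by CONFIG_IMA_TRUSTED_KEYRING, which per the Kconfig hunk depends on IMA_APPRAISE and SYSTEM_TRUSTED_KEYRING but not on INTEGRITY_ASYMMETRIC_KEYS; in that combination the stub silently returns 0 and no trusted keyring is created, so either the Kconfig dependency or a comment on the stub should make that explicit.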