Commit 3e8e5503a33577d89bdb7469b851b11f507bbed6

Authored by Roberto Sassu
Committed by Mimi Zohar
1 parent b6f8f16f41

ima: do not send field length to userspace for digest of ima template

This patch defines a new value for the 'ima_show_type' enumerator
(IMA_SHOW_BINARY_NO_FIELD_LEN) to prevent that the field length
is transmitted through the 'binary_runtime_measurements' interface
for the digest field of the 'ima' template.

Fixes commit: 3ce1217 ima: define template fields library and new helpers

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Showing 3 changed files with 18 additions and 5 deletions Side-by-side Diff

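--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -26,7 +26,8 @@
 
 #include "../integrity.h"
 
-enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII };
+enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
+ IMA_SHOW_ASCII };
 enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
 
 /* digest size for IMA, fits SHA1 or MD5 */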
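Review bot: The new enumerator IMA_SHOW_BINARY_NO_FIELD_LEN is added without a comment, and nothing in the header says how it differs from IMA_SHOW_BINARY; a reader of ima.h cannot tell that the u32 length prefix is what gets dropped. A one-line comment above the enum would do, e.g. `/* IMA_SHOW_BINARY_NO_FIELD_LEN: as IMA_SHOW_BINARY but without the u32 length prefix; used for the digest field of the 'ima' template */`. Since the binary_runtime_measurements stream is parsed by external attestation verifiers, the format difference is worth recording where the enumerator is declared rather than only in the commit message.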
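--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -120,6 +120,7 @@
 struct ima_template_entry *e;
 int namelen;
 u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
+bool is_ima_template = false;
 int i;
 
 /* get entry */
 
@@ -145,14 +146,21 @@
 ima_putc(m, e->template_desc->name, namelen);
 
 /* 5th: template length (except for 'ima' template) */
-if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
+if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0)
+is_ima_template = true;
+
+if (!is_ima_template)
 ima_putc(m, &e->template_data_len,
 sizeof(e->template_data_len));
 
 /* 6th: template specific data */
 for (i = 0; i < e->template_desc->num_fields; i++) {
-e->template_desc->fields[i]->field_show(m, IMA_SHOW_BINARY,
-&e->template_data[i]);
+enum ima_show_type show = IMA_SHOW_BINARY;
+struct ima_template_field *field = e->template_desc->fields[i];
+
+if (is_ima_template && strcmp(field->field_id, "d") == 0)
+show = IMA_SHOW_BINARY_NO_FIELD_LEN;
+field->field_show(m, show, &e->template_data[i]);
 }
 return 0;
 }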
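Review bot: The special case at `if (is_ima_template && strcmp(field->field_id, "d") == 0)` in the second hunk hard-codes the field id "d" with no comment saying why the digest of the 'ima' template alone is emitted without its length prefix, so the wire format is now decided by two string compares in different places (this one and the `!is_ima_template` guard on the template length above it). A comment such as `/* 'ima' template: the digest is written without its u32 length prefix (IMA_SHOW_BINARY_NO_FIELD_LEN) */` would tie the two cases together for whoever next touches the format that verifiers parse. The field id "d" is presumably also defined where the 'ima' template's fields are declared; referring to that definition instead of a bare literal would keep the two from drifting apart. The enclosing function begins before the first hunk.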
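--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -109,9 +109,12 @@
 enum data_formats datafmt,
 struct ima_field_data *field_data)
 {
-ima_putc(m, &field_data->len, sizeof(u32));
+if (show != IMA_SHOW_BINARY_NO_FIELD_LEN)
+ima_putc(m, &field_data->len, sizeof(u32));
+
 if (!field_data->len)
 return;
+
 ima_putc(m, field_data->data, field_data->len);
 }
 
@@ -125,6 +128,7 @@
 ima_show_template_data_ascii(m, show, datafmt, field_data);
 break;
 case IMA_SHOW_BINARY:
+case IMA_SHOW_BINARY_NO_FIELD_LEN:
 ima_show_template_data_binary(m, show, datafmt, field_data);
 break;
 default: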
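Review bot: In the first hunk, `ima_putc(m, &field_data->len, sizeof(u32));` sizes the write by a type name rather than by the object being written; `ima_putc(m, &field_data->len, sizeof(field_data->len));` keeps the size tied to the field and matches how ima_fs.c writes `e->template_data_len`. The new condition also changes what a consumer of the binary stream sees — with IMA_SHOW_BINARY_NO_FIELD_LEN the reader must know the data size out of band — so a comment on it, e.g. `/* no u32 length prefix: the reader knows the digest size from the template */`, would make that explicit. The function's signature begins before the first hunk and the switch in the second hunk also starts outside it.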