diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-03-27 10:29:28 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-06-12 17:58:07 -0400 |
commit | 14503eb99414ceffe348b82982d5770b745f6626 (patch) | |
tree | f36a32c4d6e88b1668308495bbb2b37816360a40 /security/integrity | |
parent | b882fae2d3a832fdcdc194c9f358390b1efca8e7 (diff) | |
download | lwn-14503eb99414ceffe348b82982d5770b745f6626.tar.gz lwn-14503eb99414ceffe348b82982d5770b745f6626.zip |
ima: check inode integrity cache in violation check
When IMA did not support ima-appraisal, existance of the S_IMA flag
clearly indicated that the file was measured. With IMA appraisal S_IMA
flag indicates that file was measured and/or appraised. Because of
this, when measurement is not enabled by the policy, violations are
still reported.
To differentiate between measurement and appraisal policies this
patch checks the inode integrity cache flags. The IMA_MEASURED
flag indicates whether the file was actually measured, while the
IMA_MEASURE flag indicates whether the file should be measured.
Unfortunately, the IMA_MEASURED flag is reset to indicate the file
needs to be re-measured. Thus, this patch checks the IMA_MEASURE
flag.
This patch limits the false positive violation reports, but does
not fix it entirely. The IMA_MEASURE/IMA_MEASURED flags are
indications that, at some point in time, the file opened for read
was in policy, but might not be in policy now (eg. different uid).
Other changes would be needed to further limit false positive
violation reports.
Changelog:
- expanded patch description based on conversation with Roberto (Mimi)
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_main.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 7689c1e21f09..09baa335ebc7 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -91,8 +91,13 @@ static void ima_rdwr_violation_check(struct file *file) mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */ if (mode & FMODE_WRITE) { - if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) - send_tomtou = true; + if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { + struct integrity_iint_cache *iint; + iint = integrity_iint_find(inode); + /* IMA_MEASURE is set from reader side */ + if (iint && (iint->flags & IMA_MEASURE)) + send_tomtou = true; + } } else { if ((atomic_read(&inode->i_writecount) > 0) && ima_must_measure(inode, MAY_READ, FILE_CHECK)) |