diff options
author | Dmitry Kasatkin <dmitry.kasatkin@intel.com> | 2012-09-27 15:57:10 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-01-16 17:49:44 -0500 |
commit | 750943a30714b7e9a5a2b0e08eeef7a808b5a869 (patch) | |
tree | a75f963abc43a13e3d1a558b2f8c3d47b018b63d /security/integrity | |
parent | def3e8b9ee23cb69036910e48ec4e3eff40e04cb (diff) | |
download | lwn-750943a30714b7e9a5a2b0e08eeef7a808b5a869.tar.gz lwn-750943a30714b7e9a5a2b0e08eeef7a808b5a869.zip |
ima: remove enforce checking duplication
Based on the IMA appraisal policy, files are appraised. For those
files appraised, the IMA hooks return the integrity appraisal result,
assuming IMA-appraisal is in enforcing mode. This patch combines
both of these criteria (in policy and enforcing file integrity),
removing the checking duplication.
Changelog v1:
- Update hook comments
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_main.c | 52 |
1 files changed, 20 insertions, 32 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 45de18e9a6f2..1cd4eb2c3b90 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -208,7 +208,9 @@ static int process_measurement(struct file *file, const unsigned char *filename, kfree(pathbuf); out: mutex_unlock(&inode->i_mutex); - return (rc && must_appraise) ? -EACCES : 0; + if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE)) + return -EACCES; + return 0; } /** @@ -219,19 +221,15 @@ out: * Measure files being mmapped executable based on the ima_must_measure() * policy decision. * - * Return 0 on success, an error code on failure. - * (Based on the results of appraise_measurement().) + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ int ima_file_mmap(struct file *file, unsigned long prot) { - int rc = 0; - - if (!file) - return 0; - if (prot & PROT_EXEC) - rc = process_measurement(file, file->f_dentry->d_name.name, - MAY_EXEC, FILE_MMAP); - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; + if (file && (prot & PROT_EXEC)) + return process_measurement(file, file->f_dentry->d_name.name, + MAY_EXEC, FILE_MMAP); + return 0; } /** @@ -244,18 +242,15 @@ int ima_file_mmap(struct file *file, unsigned long prot) * So we can be certain that what we verify and measure here is actually * what is being executed. * - * Return 0 on success, an error code on failure. - * (Based on the results of appraise_measurement().) + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ int ima_bprm_check(struct linux_binprm *bprm) { - int rc; - - rc = process_measurement(bprm->file, + return process_measurement(bprm->file, (strcmp(bprm->filename, bprm->interp) == 0) ? bprm->filename : bprm->interp, MAY_EXEC, BPRM_CHECK); - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; } /** @@ -265,18 +260,15 @@ int ima_bprm_check(struct linux_binprm *bprm) * * Measure files based on the ima_must_measure() policy decision. * - * Always return 0 and audit dentry_open failures. - * (Return code will be based upon measurement appraisal.) + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ int ima_file_check(struct file *file, int mask) { - int rc; - ima_rdwr_violation_check(file); - rc = process_measurement(file, file->f_dentry->d_name.name, + return process_measurement(file, file->f_dentry->d_name.name, mask & (MAY_READ | MAY_WRITE | MAY_EXEC), FILE_CHECK); - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; } EXPORT_SYMBOL_GPL(ima_file_check); @@ -286,19 +278,15 @@ EXPORT_SYMBOL_GPL(ima_file_check); * * Measure/appraise kernel modules based on policy. * - * Always return 0 and audit dentry_open failures. - * Return code is based upon measurement appraisal. + * On success return 0. On integrity appraisal error, assuming the file + * is in policy and IMA-appraisal is in enforcing mode, return -EACCES. */ int ima_module_check(struct file *file) { - int rc; - if (!file) - rc = INTEGRITY_UNKNOWN; - else - rc = process_measurement(file, file->f_dentry->d_name.name, - MAY_EXEC, MODULE_CHECK); - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; + return -EACCES; /* INTEGRITY_UNKNOWN */ + return process_measurement(file, file->f_dentry->d_name.name, + MAY_EXEC, MODULE_CHECK); } static int __init init_ima(void) |