From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00455C433DF for ; Wed, 17 Jun 2020 20:56:45 +0000 (UTC) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A5CDE2168B for ; Wed, 17 Jun 2020 20:56:44 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Ju0nEAqg" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A5CDE2168B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linux-audit-bounces@redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1592427403; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=oQsk0H+8gu5JWeO5wpu3Kmv2bfgW2z45sdXdyc/8jw8=; b=Ju0nEAqgQlv180m8pq22Egvk4Anzl1vvI1JVHDFRQr6YWS9/49R0nEARVVv4yJpzcLjjwI wacC79WlLdXgTF4scFiuIDnqMuaBHuqTc+/2xLO3UK8XB6jpGE8qt/YcRyHlZFt480Cqze Ier9KEDy+5MIx7moUUnlXFCvTdRtr9U= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-463-rwKB0pTHMaSuqTYqjh1c1A-1; Wed, 17 Jun 2020 16:56:42 -0400 X-MC-Unique: rwKB0pTHMaSuqTYqjh1c1A-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id AB8698014D4; Wed, 17 Jun 2020 20:56:38 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 877205D9E4; Wed, 17 Jun 2020 20:56:38 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3678D1809547; Wed, 17 Jun 2020 20:56:38 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 05HKiqu6030809 for ; Wed, 17 Jun 2020 16:44:53 -0400 Received: by smtp.corp.redhat.com (Postfix) id CA59A2156A2E; Wed, 17 Jun 2020 20:44:52 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C4C6D2157F26 for ; Wed, 17 Jun 2020 20:44:50 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EDE028007CB for ; Wed, 17 Jun 2020 20:44:49 +0000 (UTC) Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by relay.mimecast.com with ESMTP id us-mta-347-gmpHsf7POa-9Gp0xfg9dWQ-1; Wed, 17 Jun 2020 16:44:42 -0400 X-MC-Unique: gmpHsf7POa-9Gp0xfg9dWQ-1 Received: from localhost.localdomain (c-73-42-176-67.hsd1.wa.comcast.net [73.42.176.67]) by linux.microsoft.com (Postfix) with ESMTPSA id 682C020B7192; Wed, 17 Jun 2020 13:44:41 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 682C020B7192 From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, bauerman@linux.ibm.com, nayna@linux.ibm.com, sgrubb@redhat.com, paul@paul-moore.com Subject: [PATCH 1/2] IMA: pass error code in result parameter to integrity_audit_msg() Date: Wed, 17 Jun 2020 13:44:35 -0700 Message-Id: <20200617204436.2226-1-nramas@linux.microsoft.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id 05HKiqu6030809 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Wed, 17 Jun 2020 16:55:12 -0400 Cc: rgb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit The value passed in "result" parameter to integrity_audit_msg() is not an error code in some instances. Update these instances so that "result" parameter always contains an error code. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima_appraise.c | 20 ++++++++++++-------- security/integrity/ima/ima_fs.c | 8 +++++--- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a9649b04b9f1..253dcb331249 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -226,7 +226,7 @@ static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, } clear_bit(IMA_DIGSIG, &iint->atomic_flags); if (xattr_len - sizeof(xattr_value->type) - hash_start >= - iint->ima_hash->length) + iint->ima_hash->length) { /* * xattr length may be longer. md5 hash in previous * version occupied 20 bytes in xattr, instead of 16 @@ -234,6 +234,9 @@ static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, rc = memcmp(&xattr_value->data[hash_start], iint->ima_hash->digest, iint->ima_hash->length); + if (rc) + rc = -EINVAL; + } else rc = -EINVAL; if (rc) { @@ -355,7 +358,7 @@ int ima_appraise_measurement(enum ima_hooks func, struct dentry *dentry = file_dentry(file); struct inode *inode = d_backing_inode(dentry); enum integrity_status status = INTEGRITY_UNKNOWN; - int rc = xattr_len; + int rc = -EACCES; bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; /* If not appraising a modsig, we need an xattr. */ @@ -363,10 +366,7 @@ int ima_appraise_measurement(enum ima_hooks func, return INTEGRITY_UNKNOWN; /* If reading the xattr failed and there's no modsig, error out. */ - if (rc <= 0 && !try_modsig) { - if (rc && rc != -ENODATA) - goto out; - + if (xattr_len <= 0 && !try_modsig) { cause = iint->flags & IMA_DIGSIG_REQUIRED ? "IMA-signature-required" : "missing-hash"; status = INTEGRITY_NOLABEL; @@ -379,7 +379,8 @@ int ima_appraise_measurement(enum ima_hooks func, goto out; } - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, + xattr_value, xattr_len, iint); switch (status) { case INTEGRITY_PASS: case INTEGRITY_PASS_IMMUTABLE: @@ -432,14 +433,17 @@ int ima_appraise_measurement(enum ima_hooks func, if ((ima_appraise & IMA_APPRAISE_FIX) && !try_modsig && (!xattr_value || xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { - if (!ima_fix_xattr(dentry, iint)) + if (!ima_fix_xattr(dentry, iint)) { status = INTEGRITY_PASS; + rc = 0; + } } /* Permit new files with file signatures, but without data. */ if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE && xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG) { status = INTEGRITY_PASS; + rc = 0; } integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index e3fcad871861..a3a270cff94f 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -335,10 +335,10 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, result = ima_read_policy(data); } else if (ima_appraise & IMA_APPRAISE_POLICY) { pr_err("signed policy file (specified as an absolute pathname) required\n"); + result = -EACCES; integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, "policy_update", "signed policy required", - 1, 0); - result = -EACCES; + result, 0); } else { result = ima_parse_add_rule(data); } @@ -406,6 +406,7 @@ static int ima_open_policy(struct inode *inode, struct file *filp) static int ima_release_policy(struct inode *inode, struct file *file) { const char *cause = valid_policy ? "completed" : "failed"; + int result = 0; if ((file->f_flags & O_ACCMODE) == O_RDONLY) return seq_release(inode, file); @@ -413,11 +414,12 @@ static int ima_release_policy(struct inode *inode, struct file *file) if (valid_policy && ima_check_policy() < 0) { cause = "failed"; valid_policy = 0; + result = -EINVAL; } pr_info("policy update %s\n", cause); integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, - "policy_update", cause, !valid_policy, 0); + "policy_update", cause, result, 0); if (!valid_policy) { ima_delete_rules(); -- 2.27.0 -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.6 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,UNWANTED_LANGUAGE_BODY,USER_AGENT_GIT, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8439AC433E0 for ; Wed, 17 Jun 2020 20:44:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6307321556 for ; Wed, 17 Jun 2020 20:44:45 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="AhZzI1uo" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726986AbgFQUon (ORCPT ); Wed, 17 Jun 2020 16:44:43 -0400 Received: from linux.microsoft.com ([13.77.154.182]:55572 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726879AbgFQUom (ORCPT ); Wed, 17 Jun 2020 16:44:42 -0400 Received: from localhost.localdomain (c-73-42-176-67.hsd1.wa.comcast.net [73.42.176.67]) by linux.microsoft.com (Postfix) with ESMTPSA id 682C020B7192; Wed, 17 Jun 2020 13:44:41 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 682C020B7192 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1592426681; bh=FRjnd7LzSpMwTJfbQgmfF6wTlowj4c4FlZqqooRPOZw=; h=From:To:Cc:Subject:Date:From; b=AhZzI1uo2qTNlEeTeEHm+zXRk94Bf5ivB9RgYOv/HTgtRTYPEb3pwRDgtSPsjyz7W phKXTQfCBPQqwj0DLleE6Ce02H1fDJjlfqr+ZlX3Tapaf5S9QPhb3eSGqDVK3RlUrh VSTxFUii3BPoUy+bfaocSOB/QBJOfVtwvZbLKKt0= From: Lakshmi Ramasubramanian To: zohar@linux.ibm.com, bauerman@linux.ibm.com, nayna@linux.ibm.com, sgrubb@redhat.com, paul@paul-moore.com Cc: rgb@redhat.com, linux-integrity@vger.kernel.org, linux-audit@redhat.com, linux-kernel@vger.kernel.org Subject: [PATCH 1/2] IMA: pass error code in result parameter to integrity_audit_msg() Date: Wed, 17 Jun 2020 13:44:35 -0700 Message-Id: <20200617204436.2226-1-nramas@linux.microsoft.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org The value passed in "result" parameter to integrity_audit_msg() is not an error code in some instances. Update these instances so that "result" parameter always contains an error code. Signed-off-by: Lakshmi Ramasubramanian --- security/integrity/ima/ima_appraise.c | 20 ++++++++++++-------- security/integrity/ima/ima_fs.c | 8 +++++--- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index a9649b04b9f1..253dcb331249 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -226,7 +226,7 @@ static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, } clear_bit(IMA_DIGSIG, &iint->atomic_flags); if (xattr_len - sizeof(xattr_value->type) - hash_start >= - iint->ima_hash->length) + iint->ima_hash->length) { /* * xattr length may be longer. md5 hash in previous * version occupied 20 bytes in xattr, instead of 16 @@ -234,6 +234,9 @@ static int xattr_verify(enum ima_hooks func, struct integrity_iint_cache *iint, rc = memcmp(&xattr_value->data[hash_start], iint->ima_hash->digest, iint->ima_hash->length); + if (rc) + rc = -EINVAL; + } else rc = -EINVAL; if (rc) { @@ -355,7 +358,7 @@ int ima_appraise_measurement(enum ima_hooks func, struct dentry *dentry = file_dentry(file); struct inode *inode = d_backing_inode(dentry); enum integrity_status status = INTEGRITY_UNKNOWN; - int rc = xattr_len; + int rc = -EACCES; bool try_modsig = iint->flags & IMA_MODSIG_ALLOWED && modsig; /* If not appraising a modsig, we need an xattr. */ @@ -363,10 +366,7 @@ int ima_appraise_measurement(enum ima_hooks func, return INTEGRITY_UNKNOWN; /* If reading the xattr failed and there's no modsig, error out. */ - if (rc <= 0 && !try_modsig) { - if (rc && rc != -ENODATA) - goto out; - + if (xattr_len <= 0 && !try_modsig) { cause = iint->flags & IMA_DIGSIG_REQUIRED ? "IMA-signature-required" : "missing-hash"; status = INTEGRITY_NOLABEL; @@ -379,7 +379,8 @@ int ima_appraise_measurement(enum ima_hooks func, goto out; } - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, + xattr_value, xattr_len, iint); switch (status) { case INTEGRITY_PASS: case INTEGRITY_PASS_IMMUTABLE: @@ -432,14 +433,17 @@ int ima_appraise_measurement(enum ima_hooks func, if ((ima_appraise & IMA_APPRAISE_FIX) && !try_modsig && (!xattr_value || xattr_value->type != EVM_IMA_XATTR_DIGSIG)) { - if (!ima_fix_xattr(dentry, iint)) + if (!ima_fix_xattr(dentry, iint)) { status = INTEGRITY_PASS; + rc = 0; + } } /* Permit new files with file signatures, but without data. */ if (inode->i_size == 0 && iint->flags & IMA_NEW_FILE && xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG) { status = INTEGRITY_PASS; + rc = 0; } integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename, diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index e3fcad871861..a3a270cff94f 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -335,10 +335,10 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, result = ima_read_policy(data); } else if (ima_appraise & IMA_APPRAISE_POLICY) { pr_err("signed policy file (specified as an absolute pathname) required\n"); + result = -EACCES; integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, "policy_update", "signed policy required", - 1, 0); - result = -EACCES; + result, 0); } else { result = ima_parse_add_rule(data); } @@ -406,6 +406,7 @@ static int ima_open_policy(struct inode *inode, struct file *filp) static int ima_release_policy(struct inode *inode, struct file *file) { const char *cause = valid_policy ? "completed" : "failed"; + int result = 0; if ((file->f_flags & O_ACCMODE) == O_RDONLY) return seq_release(inode, file); @@ -413,11 +414,12 @@ static int ima_release_policy(struct inode *inode, struct file *file) if (valid_policy && ima_check_policy() < 0) { cause = "failed"; valid_policy = 0; + result = -EINVAL; } pr_info("policy update %s\n", cause); integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, - "policy_update", cause, !valid_policy, 0); + "policy_update", cause, result, 0); if (!valid_policy) { ima_delete_rules(); -- 2.27.0