Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2024964imm;
        Thu, 27 Sep 2018 06:21:06 -0700 (PDT)
X-Google-Smtp-Source: ACcGV603hTbAunqZ4TYxfdbXtZHmW5ef2QkkzEs10O2JaNklESaEWfudGV/I9cw7A+F/lgZObvFs
X-Received: by 2002:a63:cf0e:: with SMTP id j14-v6mr10118422pgg.195.1538054465982;
        Thu, 27 Sep 2018 06:21:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1538054465; cv=none;
        d=google.com; s=arc-20160816;
        b=XdDMDvUM0LorFOvgV15+p9KLQnfyIYm62sVVz4NGLXCeVi4YiREy+3BY8glLNRIEX6
         v3jQmHwOReekRqj8fo00XeaD5Wi7Ncmfqq1ysjefoJMvmgez8iLeo8w4GOdbnpK/Gasn
         qj8fGygz0LCQtT7EUurjOBi9ho4KbZqYRnn1rqDE7oVPy4rWNw1//3Im4ySXCNhHtl7j
         O77eZtMovOU/JXBzquBWsvf3G64JW6ettI13Mt+tO+HT7eaIqgL4tWdBKdTZEv3Hai2B
         6L9XzCGO9zKlMIUzB4ubam2tS1S7xF91xvb3kfUR1hk2jafAzpJegsGKpAoMYpmEgnqv
         4t9w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-transfer-encoding
         :mime-version:references:in-reply-to:date:cc:to:from:subject;
        bh=CZzZLxvM3LTNfzH0TmItCrwkXzxYW7BpCIlWxvMP8bo=;
        b=BjGAhDw0uvIZ0N05u+hmaFYv7HLCigrOu2X6nRZfuBOjzecGMDzh3rvpsLWxqlMvdf
         xt91+kHljeLfUtlF7uiRHgPx1JDrkG/e+KnewqYHGVlWBqd4F3F54yQAvK2lBpHkBSxp
         /70UYdmwp1N0qNwDTVBRf7cQQhzHlierCkTkZDYh9LdoB+x2B7zzIfQUaa5lt4Ks3wZi
         Cs4tBmi7rcMP23mmsgUqPUcAyCcokFV5g7WBRV9n0GcaRy7Xm7MPWHDrcyhv0P5HzsIC
         xrW0geEGFIy2XrLCrToARi8qq0+lfmRCRqqTw3w7ke9InyimUoFY0O1GZ+13AeP/M07S
         FBBQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c3-v6si1950611pld.457.2018.09.27.06.20.39;
        Thu, 27 Sep 2018 06:21:05 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727487AbeI0Tir (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Thu, 27 Sep 2018 15:38:47 -0400
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:40470 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1727318AbeI0Tiq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 27 Sep 2018 15:38:46 -0400
Received: from pps.filterd (m0098414.ppops.net [127.0.0.1])
        by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w8RDHc0Z033952
        for <linux-kernel@vger.kernel.org>; Thu, 27 Sep 2018 09:20:31 -0400
Received: from e06smtp04.uk.ibm.com (e06smtp04.uk.ibm.com [195.75.94.100])
        by mx0b-001b2d01.pphosted.com with ESMTP id 2mryxm87ra-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 27 Sep 2018 09:20:30 -0400
Received: from localhost
        by e06smtp04.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.ibm.com>;
        Thu, 27 Sep 2018 14:20:29 +0100
Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197)
        by e06smtp04.uk.ibm.com (192.168.101.134) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Thu, 27 Sep 2018 14:20:25 +0100
Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60])
        by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w8RDKOAC65011842
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
        Thu, 27 Sep 2018 13:20:24 GMT
Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 583EB42041;
        Thu, 27 Sep 2018 16:20:07 +0100 (BST)
Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 754594204B;
        Thu, 27 Sep 2018 16:20:06 +0100 (BST)
Received: from localhost.localdomain (unknown [9.80.85.160])
        by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Thu, 27 Sep 2018 16:20:06 +0100 (BST)
Subject: Re: [PATCH v4 5/6] ima: add support for external setting of
 ima_appraise
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     Nayna Jain <nayna@linux.vnet.ibm.com>,
        linux-integrity@vger.kernel.org
Cc:     linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        jforbes@redhat.com
Date:   Thu, 27 Sep 2018 09:20:12 -0400
In-Reply-To: <20180926122210.14642-6-nayna@linux.vnet.ibm.com>
References: <20180926122210.14642-1-nayna@linux.vnet.ibm.com>
         <20180926122210.14642-6-nayna@linux.vnet.ibm.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
x-cbid: 18092713-0016-0000-0000-0000020B56DA
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18092713-0017-0000-0000-000032627D19
Message-Id: <1538054412.3459.105.camel@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-09-27_07:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501
 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0
 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0
 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx
 scancount=1 engine=8.0.1-1807170000 definitions=main-1809270131
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Nayna,

On Wed, 2018-09-26 at 17:52 +0530, Nayna Jain wrote:
> The "ima_appraise" mode defaults to enforcing, unless configured to allow
> the boot command line "ima_appraise" option. This patch explicitly sets the
> "ima_appraise" mode for the arch specific policy setting.

Eventually this patch might be needed if/when we need to differentiate
between different secure boot modes.

Only if CONFIG_IMA_APPRAISE_BOOTPARAM is enabled, can the IMA appraise
mode be modified on the boot command line.  Instead of this patch, how
about making the ability to change the IMA appraise mode also
dependent on CONFIG_IMA_ARCH_POLICY not being enabled?

Mimi

> 
> Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
> ---
>  security/integrity/ima/ima.h          |  5 +++++
>  security/integrity/ima/ima_appraise.c | 11 +++++++++--
>  security/integrity/ima/ima_policy.c   |  5 ++++-
>  3 files changed, 18 insertions(+), 3 deletions(-)
> 
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 588e4813370c..6e5fa7c42809 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -248,6 +248,7 @@ enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
>  				 int xattr_len);
>  int ima_read_xattr(struct dentry *dentry,
>  		   struct evm_ima_xattr_data **xattr_value);
> +void set_ima_appraise(char *str);
>  
>  #else
>  static inline int ima_appraise_measurement(enum ima_hooks func,
> @@ -290,6 +291,10 @@ static inline int ima_read_xattr(struct dentry *dentry,
>  	return 0;
>  }
>  
> +static inline void set_ima_appraise(char *str)
> +{
> +}
> +
>  #endif /* CONFIG_IMA_APPRAISE */
>  
>  /* LSM based policy rules require audit */
> diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> index 8bd7a0733e51..e061613bcb87 100644
> --- a/security/integrity/ima/ima_appraise.c
> +++ b/security/integrity/ima/ima_appraise.c
> @@ -18,15 +18,22 @@
>  
>  #include "ima.h"
>  
> -static int __init default_appraise_setup(char *str)
> +void set_ima_appraise(char *str)
>  {
> -#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
>  	if (strncmp(str, "off", 3) == 0)
>  		ima_appraise = 0;
>  	else if (strncmp(str, "log", 3) == 0)
>  		ima_appraise = IMA_APPRAISE_LOG;
>  	else if (strncmp(str, "fix", 3) == 0)
>  		ima_appraise = IMA_APPRAISE_FIX;
> +	else if (strncmp(str, "enforce", 7) == 0)
> +		ima_appraise = IMA_APPRAISE_ENFORCE;
> +}
> +
> +static int __init default_appraise_setup(char *str)
> +{
> +#ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
> +	set_ima_appraise(str);
>  #endif
>  	return 1;
>  }
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 5fb4b0c123a3..410fee31b162 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -585,9 +585,12 @@ void __init ima_init_policy(void)
>  	arch_entries = ima_init_arch_policy();
>  	if (!arch_entries)
>  		pr_info("No architecture policies found\n");
> -	else
> +	else {
>  		add_rules(arch_policy_entry, arch_entries,
>  			  IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY);
> +		if (temp_ima_appraise)
> +			set_ima_appraise("enforce");
> +	}
>  
>  	/*
>  	 * Insert the builtin "secure_boot" policy rules requiring file