From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Casey Schaufler, Mimi Zohar, Janne Karhunen, Konsta Karsisto
Subject: [PATCH 5.4 127/152] ima: ima/lsm policy rule loading logic bug fixes
Date: Tue, 3 Mar 2020 18:43:45 +0100
Message-Id: <20200303174317.233730377@linuxfoundation.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200303174302.523080016@linuxfoundation.org>
References: <20200303174302.523080016@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Janne Karhunen

commit 483ec26eed42bf050931d9a5c5f9f0b5f2ad5f3b upstream.

Keep the ima policy rules around from the beginning even if they
appear invalid at the time of loading, as they may become active
after an lsm policy load. However, loading a custom IMA policy with
unknown LSM labels is only safe after we have transitioned from the
"built-in" policy rules to a custom IMA policy.

Patch also fixes the rule re-use during the lsm policy reload and
makes some prints a bit more human readable.

Changelog:
v4:
- Do not allow the initial policy load to refer to non-existing lsm rules.
v3:
- Fix too wide policy rule matching for non-initialized LSMs
v2:
- Fix log prints

Fixes: b16942455193 ("ima: use the lsm policy update notifier")
Cc: Casey Schaufler
Reported-by: Mimi Zohar
Signed-off-by: Janne Karhunen
Signed-off-by: Konsta Karsisto
Signed-off-by: Mimi Zohar
Signed-off-by: Greg Kroah-Hartman
---
 security/integrity/ima/ima_policy.c | 44 +++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 18 deletions(-)

--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -263,7 +263,7 @@ static void ima_lsm_free_rule(struct ima static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) { struct ima_rule_entry *nentry; - int i, result; + int i; nentry = kmalloc(sizeof(*nentry), GFP_KERNEL); if (!nentry) @@ -277,7 +277,7 @@ static struct ima_rule_entry *ima_lsm_co memset(nentry->lsm, 0, FIELD_SIZEOF(struct ima_rule_entry, lsm)); for (i = 0; i < MAX_LSM_RULES; i++) { - if (!entry->lsm[i].rule) + if (!entry->lsm[i].args_p) continue; nentry->lsm[i].type = entry->lsm[i].type; @@ -286,13 +286,13 @@ static struct ima_rule_entry *ima_lsm_co if (!nentry->lsm[i].args_p) goto out_err; - result = security_filter_rule_init(nentry->lsm[i].type, - Audit_equal, - nentry->lsm[i].args_p, - &nentry->lsm[i].rule); - if (result == -EINVAL) - pr_warn("ima: rule for LSM \'%d\' is undefined\n", - entry->lsm[i].type); + security_filter_rule_init(nentry->lsm[i].type, + Audit_equal, + nentry->lsm[i].args_p, + &nentry->lsm[i].rule); + if (!nentry->lsm[i].rule) + pr_warn("rule for LSM \'%s\' is undefined\n", + (char *)entry->lsm[i].args_p); } return nentry; @@ -329,7 +329,7 @@ static void ima_lsm_update_rules(void) list_for_each_entry_safe(entry, e, &ima_policy_rules, list) { needs_update = 0; for (i = 0; i < MAX_LSM_RULES; i++) { - if (entry->lsm[i].rule) { + if (entry->lsm[i].args_p) { needs_update = 1; break; } @@ -339,8 +339,7 @@ static void ima_lsm_update_rules(void) result = ima_lsm_update_rule(entry); if (result) { - pr_err("ima: lsm rule update error %d\n", - result); + pr_err("lsm rule update error %d\n", result); return; } } @@ -357,7 +356,7 @@ int ima_lsm_policy_change(struct notifie } /** - * ima_match_rules - determine whether an inode matches the measure rule. + * ima_match_rules - determine whether an inode matches the policy rule. * @rule: a pointer to a rule * @inode: a pointer to an inode * @cred: a pointer to a credentials structure for user validation 
@@ -415,9 +414,12 @@ static bool ima_match_rules(struct ima_r int rc = 0; u32 osid; - if (!rule->lsm[i].rule) - continue; - + if (!rule->lsm[i].rule) { + if (!rule->lsm[i].args_p) + continue; + else + return false; + } switch (i) { case LSM_OBJ_USER: case LSM_OBJ_ROLE: @@ -822,8 +824,14 @@ static int ima_lsm_rule_init(struct ima_ entry->lsm[lsm_rule].args_p, &entry->lsm[lsm_rule].rule); if (!entry->lsm[lsm_rule].rule) { - kfree(entry->lsm[lsm_rule].args_p); - return -EINVAL; + pr_warn("rule for LSM \'%s\' is undefined\n", + (char *)entry->lsm[lsm_rule].args_p); + + if (ima_rules == &ima_default_rules) { + kfree(entry->lsm[lsm_rule].args_p); + result = -EINVAL; + } else + result = 0; } return result;
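Review bot: In the @@ -277 hunk of ima_lsm_copy_rule(), switching the skip test from `entry->lsm[i].rule` to `entry->lsm[i].args_p` is what makes the reload path work at all: a rule whose LSM label could not be resolved at load time has a NULL `.rule` but a non-NULL `.args_p`, and the old test silently dropped exactly those entries from the copy, so they could never become active after the LSM policy loaded. A one-line comment above the loop stating that `args_p`, not `rule`, is the marker for "this entry carries an LSM condition" would save the next reader from re-deriving that; the @@ -329 and @@ -415 hunks rely on the same convention.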
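Review bot: In the @@ -286 hunk the return value of security_filter_rule_init() is now discarded entirely, so an allocation failure inside the LSM is reported with the same "rule for LSM '%s' is undefined" warning as a label that simply does not exist yet, and the copied rule is kept in both cases. Consider keeping `result` and tolerating only the undefined case, e.g. `if (result && result != -EINVAL) goto out_err;` before the NULL-rule warning, since the removed code already identified -EINVAL as the "undefined" return. Dropping the "ima: " prefix here and in the @@ -339 hunk is fine provided the file defines pr_fmt(); worth confirming the log lines still carry a subsystem prefix.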
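Review bot: The @@ -415 hunk in ima_match_rules() is the fail-closed core of the fix and deserves a comment in the code: previously an LSM condition whose `.rule` was NULL was skipped with `continue`, so the remaining conditions alone decided the match and the rule applied more broadly than written (the "too wide policy rule matching" from the v3 changelog); now a condition with `args_p` set but no compiled `rule` makes the whole rule not match until the LSM policy change notifier recompiles it, and the file simply falls through to the next rule. Style-wise the `else` after `continue` is redundant; `if (!rule->lsm[i].args_p) continue; return false;` reads cleaner and drops a level of nesting.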
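Review bot: In the @@ -822 hunk of ima_lsm_rule_init(), `if (ima_rules == &ima_default_rules) { ... } else result = 0;` mixes a braced and an unbraced branch; kernel coding style asks for braces on both branches when either needs them. More importantly, assuming `result` holds security_filter_rule_init()'s return value as the trailing `return result;` suggests, `result = 0` in the custom-policy branch clobbers it, so an -ENOMEM from the LSM is swallowed as well and the rule is kept with `args_p` set and `rule` NULL, the state the @@ -415 hunk treats as "never matches". Tolerating only the undefined-label case (`if (result == -EINVAL) result = 0;`) would keep real failures visible. The default-rules branch rejecting the rule with -EINVAL matches the v4 changelog: the built-in policy may not reference LSM labels before any LSM policy exists.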