Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1363758ybz;
        Wed, 22 Apr 2020 19:38:36 -0700 (PDT)
X-Google-Smtp-Source: APiQypIP37N+k6frbyftqDUYvoq2VpQlAFtEzKjOS9+dRjtfORQ+0MLN04K8shLOCa/1T3ZVmzyR
X-Received: by 2002:a50:abe2:: with SMTP id u89mr1155752edc.259.1587609516163;
        Wed, 22 Apr 2020 19:38:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587609516; cv=none;
        d=google.com; s=arc-20160816;
        b=O+Hm1HG9yvRKZmqHfPSiCulLksktk0+R5yEAXE6eTMemEVVknSa3gZKbKQBYJFFTDd
         AGVDPuAMbSHAtUD2RHN3r5wf2KDNAMCX1r+FEza+Ebl3uw3PJ9Hs9waP2nZ1lsARjmhC
         b27TuyseLqWz4b9g+OLDJ/o7WpxITUQyBQBVVFCHPTTqveNR5Ak376waX/TVVlsMlElL
         4TlAFrI3EtVz0DmNmvJPxtAVIDR98aBfbXAWLJqwd9P5z8HM28AfZnQkT7VN0rqaHdV6
         AKqTDWuBpoG004cpthBvUxPH3qHaeOc3GO4wCT3rW3fFPCKOnf4khdJVWAtxfPB/j0Ws
         1EJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:content-transfer-encoding
         :mime-version:references:in-reply-to:date:cc:to:from:subject;
        bh=TEq+CewaNX6fL/SL0f5QWwpoGD4hi2Qq061EXM6DJ/4=;
        b=G6eo2TuxyMoLYz7BhrA7wFHkKdzDsf4CNuxFJXPTZJ1i48nVO3PXGH8+roGTATcTWA
         Q/izUVfEqtIPktnAVhUhSMwD5HZyDYoHg3+bgD1P9tKyCOeP4uOAsC3C/LBO8QPG4YQe
         /QN0FslTWKhaR39JusWnP7qRZdWkCC+kOT2M8DD3Ok7pK+pvZdEYzOJ9347RaQ0E+BZh
         b7wN1Nj5AuGiUuzBaoapn7jpNXORbaNObZEBqJ+U9LJDOWAR4OsoNphSEF5YPOZs8+pC
         9CE9fRz/puyOQbej16+28dM1g9bb04tN0Lkgd6SwYIr8MPkKiyHHeDacraNlcXa2j6Ha
         r98Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l16si551511ejq.268.2020.04.22.19.38.11;
        Wed, 22 Apr 2020 19:38:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726469AbgDWCee (ORCPT <rfc822;proy.cse@gmail.com> + 99 others);
        Wed, 22 Apr 2020 22:34:34 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:62770 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726454AbgDWCed (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 Apr 2020 22:34:33 -0400
Received: from pps.filterd (m0098393.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03N23bw3139364
        for <linux-kernel@vger.kernel.org>; Wed, 22 Apr 2020 22:34:33 -0400
Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103])
        by mx0a-001b2d01.pphosted.com with ESMTP id 30gmv1g5xd-1
        (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Wed, 22 Apr 2020 22:34:32 -0400
Received: from localhost
        by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted
        for <linux-kernel@vger.kernel.org> from <zohar@linux.ibm.com>;
        Thu, 23 Apr 2020 03:34:24 +0100
Received: from b06cxnps4074.portsmouth.uk.ibm.com (9.149.109.196)
        by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;
        (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256)
        Thu, 23 Apr 2020 03:34:22 +0100
Received: from d06av26.portsmouth.uk.ibm.com (d06av26.portsmouth.uk.ibm.com [9.149.105.62])
        by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03N2YRh346399608
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Thu, 23 Apr 2020 02:34:27 GMT
Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 96873AE045;
        Thu, 23 Apr 2020 02:34:27 +0000 (GMT)
Received: from d06av26.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id D0274AE056;
        Thu, 23 Apr 2020 02:34:26 +0000 (GMT)
Received: from localhost.localdomain (unknown [9.85.162.195])
        by d06av26.portsmouth.uk.ibm.com (Postfix) with ESMTP;
        Thu, 23 Apr 2020 02:34:26 +0000 (GMT)
Subject: Re: [PATCH] ima: Fix return value of ima_write_policy()
From:   Mimi Zohar <zohar@linux.ibm.com>
To:     Roberto Sassu <roberto.sassu@huawei.com>
Cc:     linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com,
        stable@vger.kernel.org
Date:   Wed, 22 Apr 2020 22:34:26 -0400
In-Reply-To: <20200421090442.22693-1-roberto.sassu@huawei.com>
References: <20200421090442.22693-1-roberto.sassu@huawei.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) 
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
x-cbid: 20042302-0028-0000-0000-000003FD4DCD
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 20042302-0029-0000-0000-000024C316E6
Message-Id: <1587609266.5165.58.camel@linux.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676
 definitions=2020-04-22_08:2020-04-22,2020-04-22 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 clxscore=1015
 priorityscore=1501 impostorscore=0 adultscore=0 malwarescore=0
 suspectscore=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999
 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2003020000 definitions=main-2004230014
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 2020-04-21 at 11:04 +0200, Roberto Sassu wrote:
> Return datalen instead of zero if there is a rule to appraise the policy
> but that rule is not enforced.
> 
> Cc: stable@vger.kernel.org
> Fixes: 19f8a84713edc ("ima: measure and appraise the IMA policy itself")
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>  security/integrity/ima/ima_fs.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
> index a71e822a6e92..2c2ea814b954 100644
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@ -340,6 +340,8 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
>  				    1, 0);
>  		if (ima_appraise & IMA_APPRAISE_ENFORCE)
>  			result = -EACCES;
> +		else
> +			result = datalen;

In all other cases, where the IMA_APPRAISE_ENFORCE is not enabled we
allow the action.  Here we prevent loading the policy, but don't
return an error.  One option, as you did, is return some indication
that the policy was not loaded.  Another option would be to allow
loading the policy in LOG or FIX mode, but I don't think that would be
productive.  Perhaps differentiate between the LOG and FIX modes from
the OFF mode.  For the LOG and FIX modes, perhaps return -EACCES as
well.  For the OFF case, loading a policy with appraise rules should
not be permitted.

Mimi

>  	} else {
>  		result = ima_parse_add_rule(data);
>  	}