Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp381813pxk; Fri, 11 Sep 2020 09:23:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyAugWxnEY80aJg+vGwro3RdouCk1MwNjxzppOJzgXPmBtRdiuwzFHrBeJASR07utn6chDt X-Received: by 2002:a17:906:8543:: with SMTP id h3mr2751333ejy.258.1599841425703; Fri, 11 Sep 2020 09:23:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599841425; cv=none; d=google.com; s=arc-20160816; b=vj+zRJzLRidNg7Fgz2sS4GQf3FfH57iK6U0ox4GzYmHsf+QZiTFKCY85FAcBO84ebF a5Gl2MQB0X1byTIF4Yq4Vy7i2P3f/LW0H9suKeaChO3nSWqIkf4djy9mG7eDHQUtaOEI 8t6IzIWVhH+uwbBjIVpjshftPtDLJGgxSeGQQaPkmM0QmDjLJqlP/n27ejiXyMR9et8Q //rkScJM1YAM98bOAbb5AwVP+RA6eC63g/loQdrMKsAGk4rz1nH5PW/fmh3eFrlZiFzU nws5bhalWPgqxB8cKhnO4hy9TpBqFgdogCweEtHMVcAkV+7jnddcgD/oaVNAe/ROfHTC 4wAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature:dkim-filter; bh=IGrl9wd59ouiSwrHZJue38Gb4uezQLGVnD6HcWU/o80=; b=O/GwRb1l+0U4Fp13U6ODNxOJg9StvyNcMpgIqRFJgzRlDdoin4Zt/rS+0DznGU1TYp Tu4IXrdyBV/fDsPf6tiSNtWK97oKwhzyYcbxJidqsVflxswZL3cnphIglpyOHS4M31hq NAm2hZbSedrw3+J5sBVAajy19Lqjm66cFBGkn47ILHC15RPWZtNVGOjX7qmKOpdmWBCZ GR+z78VpBRmi2mbrcm8Xu4HDMo9BV3sXwGaFI+3zJAMsmlkjq+krLFsIskV82ai1B/yq 9eWXj2vsKAfYzlnteYjzIEm6g+OZhUYvfW5MSXY23kGo/uCmpNSE68d9/OFXdEgjcWb/ /o1A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=FsBXu82E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g1si1575656ejz.637.2020.09.11.09.23.22; Fri, 11 Sep 2020 09:23:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=FsBXu82E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726555AbgIKQUs (ORCPT + 99 others); Fri, 11 Sep 2020 12:20:48 -0400 Received: from linux.microsoft.com ([13.77.154.182]:58712 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726547AbgIKQTI (ORCPT ); Fri, 11 Sep 2020 12:19:08 -0400 Received: from [192.168.86.21] (c-71-197-163-6.hsd1.wa.comcast.net [71.197.163.6]) by linux.microsoft.com (Postfix) with ESMTPSA id BADE820716FA; Fri, 11 Sep 2020 09:19:02 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com BADE820716FA DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1599841143; bh=IGrl9wd59ouiSwrHZJue38Gb4uezQLGVnD6HcWU/o80=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=FsBXu82EbG6MT9yrcRvWBKCe/fCu0gn4AeEUk/dfZHITC7I1H5MCCf54UkUgHic+Q Q6RJ62GCP+uXr5rTl3rBDSNCjuooLp9aVofY2HZwXFj/+dwATBdWZ4oRCjIs0kWFaH hJ/BhkB7cn3gds8zgReSqdEySHPgV159fhuezYAs= Subject: Re: [PATCH v3 1/6] IMA: generalize keyring specific measurement constructs To: Mimi Zohar , stephen.smalley.work@gmail.com, casey@schaufler-ca.com, agk@redhat.com, snitzer@redhat.com, gmazyland@gmail.com Cc: tyhicks@linux.microsoft.com, sashal@kernel.org, jmorris@namei.org, nramas@linux.microsoft.com, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dm-devel@redhat.com References: <20200828015704.6629-1-tusharsu@linux.microsoft.com> <20200828015704.6629-2-tusharsu@linux.microsoft.com> <4802c73c2ed22c64ea4f315d3115ead919c3205e.camel@linux.ibm.com> From: Tushar Sugandhi Message-ID: <1a456a10-bb49-206b-9fb9-cc996eea6e29@linux.microsoft.com> Date: Fri, 11 Sep 2020 09:19:01 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <4802c73c2ed22c64ea4f315d3115ead919c3205e.camel@linux.ibm.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020-08-31 4:55 a.m., Mimi Zohar wrote: > On Thu, 2020-08-27 at 18:56 -0700, Tushar Sugandhi wrote: >> IMA functions such as ima_match_keyring(), process_buffer_measurement(), >> ima_match_policy() etc. handle data specific to keyrings. Currently, >> these constructs are not generic to handle any func specific data. >> This makes it harder to extend without code duplication. >> >> Refactor the keyring specific measurement constructs to be generic and >> reusable in other measurement scenarios. > > Mostly this patch changes the variable name from keyring to func_data, > which is good. Other changes should be minimized. > The only other change in this patch is introduction of bool allow_empty_opt_list, which is needed as per my comment below. Maybe I can move "allow_empty_opt_list" to a new patch after this one in this series. >> >> Signed-off-by: Tushar Sugandhi >> --- > > > >> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c >> index fe1df373c113..8866e84d0062 100644 >> --- a/security/integrity/ima/ima_policy.c >> +++ b/security/integrity/ima/ima_policy.c >> @@ -451,15 +451,21 @@ int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, >> } >> >> /** >> - * ima_match_keyring - determine whether the keyring matches the measure rule >> - * @rule: a pointer to a rule >> - * @keyring: name of the keyring to match against the measure rule >> + * ima_match_rule_data - determine whether the given func_data matches >> + * the measure rule data >> + * @rule: IMA policy rule >> + * @opt_list: rule data to match func_data against >> + * @func_data: data to match against the measure rule data >> + * @allow_empty_opt_list: If true matches all func_data >> * @cred: a pointer to a credentials structure for user validation >> * >> - * Returns true if keyring matches one in the rule, false otherwise. >> + * Returns true if func_data matches one in the rule, false otherwise. >> */ >> -static bool ima_match_keyring(struct ima_rule_entry *rule, >> - const char *keyring, const struct cred *cred) >> +static bool ima_match_rule_data(struct ima_rule_entry *rule, >> + const struct ima_rule_opt_list *opt_list, > > Ok > >> + const char *func_data, >> + bool allow_empty_opt_list, > > As the policy is loaded, shouldn't the rules should be checked, not > here on usage? > > Mimi Since "keyrings=" is optional, I cannot check the rule at load time for keyrings. func=KEY_CHECK may or may not have "keyrings=", and both are valid scenarios. However "critical_kernel_data_sources=" is mandatory for func=CRITICAL_DATA. So I am already making that check at policy load time. See patch 5/6 – function ima_match_rules(), where I check for IMA_DATA_SOURCES. + case CRITICAL_DATA: + if (!(entry->flags & IMA_DATA_SOURCES) || + return false; + Since ima_match_rule_data (this function) handles both func=KEY_CHECK and func=CRITICAL_DATA, we have to use the bool "allow_empty_opt_list" to differentiate between the two scenarios – whether the rule is optional or not for a given func. > >> + const struct cred *cred) >> { >> bool matched = false; >> size_t i; >>