Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp209971pxb; Wed, 11 Nov 2020 01:26:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJwRTjpE8KhEWuHeNyn7NpCki7Va+8HCdeNwXlWow/lsLBl/81yUXWyQMWy4Dv193Ljq/n+W X-Received: by 2002:aa7:d9d3:: with SMTP id v19mr24808317eds.67.1605086791910; Wed, 11 Nov 2020 01:26:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605086791; cv=none; d=google.com; s=arc-20160816; b=IBgtKM7mMQwJk11VNUJfRnf1ycogPvpkZ/DnXkCNpHijVv6icVlPx9AnMihr0e7CkZ gGUJO9Mq2TvO/G+7ilQo21z1O1t+CqXTCn1iICuc1Yqfd4qlJu4z3YBIGW85/fG587Cv HEMqpMfItNMxAMg9OkxOhICduamU4mOtDkSjq5pGZ6UYO5g20dvRJllVSpDh6SRcQFjG 4Z244A0f1SeHGYhBs6sgArF3htDRDTtP5HIBWYJ3dlqB1JQcYv0v+D2ImMlE9onPr8C0 szaEFBr6NIgEHc1UJTaVgoMk121wlISKaIRBFey3env53K9o2NIcMQZNtVXjD+JGz7tg dzEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=0ztvAIIiXJlZBWY+uJtEut9Y1CHquLOpbXgp/r+1mdo=; b=FNUUwad7pNSw61abHDfaFrQaK0jGEP4MkR5Up3mdJ46pcUxtqOxjSRhO37J9jI6EtF dfZbWOX1aJlCqPVvx7t4nNR/ZSvHXcazIKF6+oED83BxulGUk59Hfbn0rx8+GR03JXM9 vE0a+mgQlHnxsF8p5PXaGkZEhpSSbk7RlsFQ9g/ZwcqxYyq3vcnlYFJ1JIn84CTn0dIB WPMQEWz/bQHoKzyJJGDB0FWjjLXk58/tTrtNiptjm0eC+eqnzMvT9lDEMZrO9nhwmxNM 1nVgd9b8JXmKuYlTW1WHnuVolp8i8SghLBN7/+Kd7CUikHrwG8ee59EHAkzxj34unGz4 yeZw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q5si1024742edv.293.2020.11.11.01.26.06; Wed, 11 Nov 2020 01:26:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727155AbgKKJYS (ORCPT + 99 others); Wed, 11 Nov 2020 04:24:18 -0500 Received: from frasgout.his.huawei.com ([185.176.79.56]:2084 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726181AbgKKJYD (ORCPT ); Wed, 11 Nov 2020 04:24:03 -0500 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.206]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4CWK4x6Rhqz67K9t; Wed, 11 Nov 2020 17:22:25 +0800 (CST) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.161) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Wed, 11 Nov 2020 10:24:00 +0100 From: Roberto Sassu To: , CC: , , , , , Roberto Sassu , Subject: [PATCH v3 03/11] evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded Date: Wed, 11 Nov 2020 10:22:54 +0100 Message-ID: <20201111092302.1589-4-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.27.GIT In-Reply-To: <20201111092302.1589-1-roberto.sassu@huawei.com> References: <20201111092302.1589-1-roberto.sassu@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.204.65.161] X-ClientProxiedBy: lhreml735-chm.china.huawei.com (10.201.108.86) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org EVM_ALLOW_METADATA_WRITES is an EVM initialization flag that can be set to temporarily disable metadata verification until all xattrs/attrs necessary to verify an EVM portable signature are copied to the file. This flag is cleared when EVM is initialized with an HMAC key, to avoid that the HMAC is calculated on unverified xattrs/attrs. Currently EVM unnecessarily denies setting this flag if EVM is initialized with a public key, which is not a concern as it cannot be used to trust xattrs/attrs updates. This patch removes this limitation. Cc: stable@vger.kernel.org # 4.16.x Fixes: ae1ba1676b88e ("EVM: Allow userland to permit modification of EVM-protected metadata") Signed-off-by: Roberto Sassu --- Documentation/ABI/testing/evm | 5 +++-- security/integrity/evm/evm_secfs.c | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Documentation/ABI/testing/evm b/Documentation/ABI/testing/evm index 3c477ba48a31..eb6d70fd6fa2 100644 --- a/Documentation/ABI/testing/evm +++ b/Documentation/ABI/testing/evm @@ -49,8 +49,9 @@ Description: modification of EVM-protected metadata and disable all further modification of policy - Note that once a key has been loaded, it will no longer be - possible to enable metadata modification. + Note that once an HMAC key has been loaded, it will no longer + be possible to enable metadata modification and, if it is + already enabled, it will be disabled. Until key loading has been signaled EVM can not create or validate the 'security.evm' xattr, but returns diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index cfc3075769bb..92fe26ace797 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -84,7 +84,7 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf, * keys are loaded. */ if ((i & EVM_ALLOW_METADATA_WRITES) && - ((evm_initialized & EVM_KEY_MASK) != 0) && + ((evm_initialized & EVM_INIT_HMAC) != 0) && !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) return -EPERM; -- 2.27.GIT