Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp2316545pxu;
        Sun, 13 Dec 2020 22:03:07 -0800 (PST)
X-Google-Smtp-Source: ABdhPJzT1ZY2nOwCPlhE4BmjJdVP5h85g02Ntf4DdVNnHqbyajWEAyAj15tM55xVbsK87Q7TQw2Q
X-Received: by 2002:aa7:c58a:: with SMTP id g10mr7175956edq.315.1607925787632;
        Sun, 13 Dec 2020 22:03:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1607925787; cv=none;
        d=google.com; s=arc-20160816;
        b=T+DDxfJ8/Uf/8Fs1HIy1FIZK/03jDm3/QVJ2kEzb/mdbNGgiGqF3FHBsas+2edL3YE
         HYF0n5L75EYXMD4SdaDSIad4h2xHT2WNJrtItod8LoPc3qcTpt+j3T69s9VCSmRwMfjv
         kh1tTVIAfc55Kv/I7OanyrO9N5MHclaMrvUXzYcrQ0bZRwdfGqEZg9OpKjvkI1Po7Jz8
         vvRcyeP8SUb7SxgYYDwWh0QxIzy+zyISrUtBLHRAMwkcHNCQ4f9YB9EGVZvucT+1IP0W
         xBLTgRFDGZMPQXdj/EHVX7+CuZV2vulUfol0DHNCUr1B46rB7ncoh5pLagX37Iw6C8fN
         YeYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:references:in-reply-to:message-id:date:subject
         :cc:to:from:dkim-signature:dkim-filter;
        bh=dq267PSzXubGwV8UTPheaPF0iEo7081nrpgy09hyXjg=;
        b=wJ43AphWPs3wyLMDUmZNl3BuQ30FRzSKBsL6/pZIEyZ2r8IsRYzUgUXDChAKozY6Gp
         RhG0Hi8+NiU1Cum0Px/9j1fr8+AHfj/sbau8TJdRJE/HFzS1ZzNgY9cSv57JhkIEm7sj
         UpKU7A/+G1ILpRpy2FV9KTaYBXSH55BOHP9NflOsfBx/cwf0WVQ4R1LKvxjxfBjq0m4t
         w92K7ecvJJQeWn6TDGcVewpNZlyBMVP73YhqkuNGtp1vrZRdFRVR49J6xBOX7MCxnI9g
         QQIyA+KMeRnjn/LXnvoIUm7on8O+58nOtmNxeoBBLTNUrtIsecNMRVNXr5o5FOFfgYox
         bSEw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b="l+s/Zd2/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id k25si8480170ejz.91.2020.12.13.22.02.29;
        Sun, 13 Dec 2020 22:03:07 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b="l+s/Zd2/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2439712AbgLLSEl (ORCPT <rfc822;linuxbird7@gmail.com>
        + 99 others); Sat, 12 Dec 2020 13:04:41 -0500
Received: from linux.microsoft.com ([13.77.154.182]:51042 "EHLO
        linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2439662AbgLLSD4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 12 Dec 2020 13:03:56 -0500
Received: from tusharsu-Ubuntu.lan (c-71-197-163-6.hsd1.wa.comcast.net [71.197.163.6])
        by linux.microsoft.com (Postfix) with ESMTPSA id 1BBF320B7187;
        Sat, 12 Dec 2020 10:03:15 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1BBF320B7187
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1607796195;
        bh=dq267PSzXubGwV8UTPheaPF0iEo7081nrpgy09hyXjg=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=l+s/Zd2/HGhBjzhKXWpEM1PnAl9bN7sR4XyVGd8sFHq4Fjxj56aInYTwuQC2wBEk3
         r6DYdVbiQU/oQs8Bx+LgBipf8ITf7+TxCzYf84+5a0S1mW36WHGLuE0rBuWsWsDacK
         i30Mrq47sv5MbQOAUBaRDjcppYF/0ccX9fc4QSEg=
From:   Tushar Sugandhi <tusharsu@linux.microsoft.com>
To:     zohar@linux.ibm.com, stephen.smalley.work@gmail.com,
        casey@schaufler-ca.com, agk@redhat.com, snitzer@redhat.com,
        gmazyland@gmail.com, paul@paul-moore.com
Cc:     tyhicks@linux.microsoft.com, sashal@kernel.org, jmorris@namei.org,
        nramas@linux.microsoft.com, linux-integrity@vger.kernel.org,
        selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dm-devel@redhat.com
Subject: [PATCH v9 3/8] IMA: define a hook to measure kernel integrity critical data
Date:   Sat, 12 Dec 2020 10:02:46 -0800
Message-Id: <20201212180251.9943-4-tusharsu@linux.microsoft.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20201212180251.9943-1-tusharsu@linux.microsoft.com>
References: <20201212180251.9943-1-tusharsu@linux.microsoft.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

IMA provides capabilities to measure file data, and in-memory buffer
data. However, various data structures, policies, and states
stored in kernel memory also impact the integrity of the system.
Several kernel subsystems contain such integrity critical data. These
kernel subsystems help protect the integrity of a device. Currently,
IMA does not provide a generic function for kernel subsystems to measure
their integrity critical data.
 
Define a new IMA hook - ima_measure_critical_data to measure kernel
integrity critical data.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
---
 include/linux/ima.h               |  6 ++++++
 security/integrity/ima/ima.h      |  1 +
 security/integrity/ima/ima_api.c  |  2 +-
 security/integrity/ima/ima_main.c | 34 +++++++++++++++++++++++++++++++
 4 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index ac3d82f962f2..675f54db6264 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -30,6 +30,9 @@ extern int ima_post_read_file(struct file *file, void *buf, loff_t size,
 extern void ima_post_path_mknod(struct dentry *dentry);
 extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
 extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
+extern void ima_measure_critical_data(const char *event_name,
+				      const void *buf, int buf_len,
+				      bool measure_buf_hash);
 
 #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM
 extern void ima_appraise_parse_cmdline(void);
@@ -122,6 +125,9 @@ static inline int ima_file_hash(struct file *file, char *buf, size_t buf_size)
 }
 
 static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
+static inline void ima_measure_critical_data(const char *event_name,
+					     const void *buf, int buf_len,
+					     bool measure_buf_hash) {}
 #endif /* CONFIG_IMA */
 
 #ifndef CONFIG_IMA_KEXEC
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index fa3044a7539f..7d9deda6a8b3 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -201,6 +201,7 @@ static inline unsigned int ima_hash_key(u8 *digest)
 	hook(POLICY_CHECK, policy)			\
 	hook(KEXEC_CMDLINE, kexec_cmdline)		\
 	hook(KEY_CHECK, key)				\
+	hook(CRITICAL_DATA, critical_data)		\
 	hook(MAX_CHECK, none)
 
 #define __ima_hook_enumify(ENUM, str)	ENUM,
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index af218babd198..9917e1730cb6 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -176,7 +176,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
  *		subj=, obj=, type=, func=, mask=, fsmagic=
  *	subj,obj, and type: are LSM specific.
  *	func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK
- *	| KEXEC_CMDLINE | KEY_CHECK
+ *	| KEXEC_CMDLINE | KEY_CHECK | CRITICAL_DATA
  *	mask: contains the permission mask
  *	fsmagic: hex value
  *
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 0f8409d77602..dff4bce4fb09 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -922,6 +922,40 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
 	fdput(f);
 }
 
+/**
+ * ima_measure_critical_data - measure kernel integrity critical data
+ * @event_name: event name to be used for the buffer entry
+ * @buf: pointer to buffer containing data to measure
+ * @buf_len: length of buffer(in bytes)
+ * @measure_buf_hash: measure buffer hash
+ *
+ * Measure the kernel subsystem data, critical to the integrity of the kernel,
+ * into the IMA log and extend the @pcr.
+ *
+ * Use @event_name to describe the state/buffer data change.
+ * Examples of critical data (@buf) could be various data structures,
+ * policies, and states stored in kernel memory that can impact the integrity
+ * of the system.
+ *
+ * If @measure_buf_hash is set to true - measure hash of the buffer data,
+ * else measure the buffer data itself.
+ * @measure_buf_hash can be used to save space, if the data being measured
+ * is too large.
+ *
+ * The data (@buf) can only be measured, not appraised.
+ */
+void ima_measure_critical_data(const char *event_name,
+			       const void *buf, int buf_len,
+			       bool measure_buf_hash)
+{
+	if (!event_name || !buf || !buf_len)
+		return;
+
+	process_buffer_measurement(NULL, buf, buf_len, event_name,
+				   CRITICAL_DATA, 0, NULL,
+				   measure_buf_hash);
+}
+
 static int __init init_ima(void)
 {
 	int error;
-- 
2.17.1