From: Roberto Sassu
Subject: [PATCH v3 1/3] ima: Introduce ima_get_current_hash_algo()
Date: Mon, 5 Jul 2021 11:09:20 +0200
Message-ID: <20210705090922.3321178-2-roberto.sassu@huawei.com>
In-Reply-To: <20210705090922.3321178-1-roberto.sassu@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch introduces the new function ima_get_current_hash_algo(), that callers in the other kernel subsystems might use to obtain the hash algorithm selected by IMA. Its primary use will be to determine which algorithm has been used to calculate the digest written by ima_measure_critical_data() to the location passed as a new parameter (in a subsequent patch).

Since the hash algorithm does not change after the IMA setup phase, there is no risk of races (obtaining a digest calculated with a different algorithm than the one returned).

Reviewed-by: Lakshmi Ramasubramanian
Signed-off-by: Roberto Sassu
--- include/linux/ima.h | 7 +++++++ security/integrity/ima/ima_main.c | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/include/linux/ima.h b/include/linux/ima.h index 61d5723ec303..81e830d01ced 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -11,9 +11,11 @@ #include #include #include +#include struct linux_binprm; #ifdef CONFIG_IMA +extern enum hash_algo ima_get_current_hash_algo(void); extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_file_check(struct file *file, int mask); extern void ima_post_create_tmpfile(struct user_namespace *mnt_userns, 
@@ -64,6 +66,11 @@ static inline const char * const *arch_get_ima_policy(void) #endif #else +static inline enum hash_algo ima_get_current_hash_algo(void) +{ + return HASH_ALGO__LAST; +} + static inline int ima_bprm_check(struct linux_binprm *bprm) { return 0; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 287b90509006..8ef1fa357e0c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -76,6 +76,11 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +enum hash_algo ima_get_current_hash_algo(void) +{ + return ima_hash_algo; +} + /* Prevent mmap'ing a file execute that is already mmap'ed write */ static int mmap_violation_check(enum ima_hooks func, struct file *file, char **pathbuf, const char **pathname, -- 2.25.1
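
Review bot: The !CONFIG_IMA stub added in the second include/linux/ima.h hunk returns HASH_ALGO__LAST, which is a sentinel rather than a usable algorithm, and nothing in the header tells callers so. A caller in another subsystem that uses the return value directly as an index into a per-algorithm table would be one past the last valid entry when IMA is compiled out. Please add a comment next to the declaration stating that HASH_ALGO__LAST means no algorithm is available and that callers must check for it before using the value.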
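
Review bot: ima_get_current_hash_algo() in the security/integrity/ima/ima_main.c hunk is intended for callers outside IMA but has no kernel-doc comment, and the guarantee that the algorithm does not change after the IMA setup phase is recorded only in the commit message. Please add a kernel-doc block above the function that states this invariant and says what a caller gets if it calls before setup has completed, since the no-race argument depends on it.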