Message-ID: <674f6e74-e630-4ed3-b7e8-1de89a83f032@linux.microsoft.com>
Date: Thu, 2 Nov 2023 16:09:59 -0700
Subject: Re: [PATCH RFC v11 17/19] scripts: add boot policy generation program
To: Paul Moore, corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, ebiggers@kernel.org, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, eparis@redhat.com
Cc: linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fscrypt@vger.kernel.org, linux-block@vger.kernel.org, dm-devel@redhat.com, audit@vger.kernel.org, roberto.sassu@huawei.com, linux-kernel@vger.kernel.org, Deven Bowers
References: <1696457386-3010-18-git-send-email-wufan@linux.microsoft.com> <0c3ac562e5b8ea82d962478459bc7047.paul@paul-moore.com>
From: Fan Wu

On 10/23/2023 8:52 PM, Paul Moore wrote:
> On Oct 4, 2023 Fan Wu wrote:
>>
>> Enables an IPE policy to be enforced from kernel start, enabling access
>> control based on trust from kernel startup. This is accomplished by
>> transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a
>> c-string literal that is parsed at kernel startup as an unsigned policy.
>>
>> Signed-off-by: Deven Bowers
>> Signed-off-by: Fan Wu >> --- >> v2: >> + No Changes >> >> v3: >> + No Changes >> >> v4: >> + No Changes >> >> v5: >> + No Changes >> >> v6: >> + No Changes >> >> v7: >> + Move from 01/11 to 14/16 >> + Don't return errno directly. >> + Make output of script more user-friendly >> + Add escaping for tab and '?' >> + Mark argv pointer const >> + Invert return code check in the boot policy parsing code path. >> >> v8: >> + No significant changes. >> >> v9: >> + No changes >> >> v10: >> + Update the init part code for rcu changes in the eval loop patch >> >> v11: >> + Fix code style issues >> --- >> MAINTAINERS | 1 + >> scripts/Makefile | 1 + >> scripts/ipe/Makefile | 2 + >> scripts/ipe/polgen/.gitignore | 1 + >> scripts/ipe/polgen/Makefile | 6 ++ >> scripts/ipe/polgen/polgen.c | 145 ++++++++++++++++++++++++++++++++++ >> security/ipe/.gitignore | 1 + >> security/ipe/Kconfig | 10 +++ >> security/ipe/Makefile | 11 +++ >> security/ipe/fs.c | 8 ++ >> security/ipe/ipe.c | 12 +++ >> 11 files changed, 198 insertions(+) >> create mode 100644 scripts/ipe/Makefile >> create mode 100644 scripts/ipe/polgen/.gitignore >> create mode 100644 scripts/ipe/polgen/Makefile >> create mode 100644 scripts/ipe/polgen/polgen.c >> create mode 100644 security/ipe/.gitignore > > ... > >> diff --git a/scripts/ipe/polgen/polgen.c b/scripts/ipe/polgen/polgen.c >> new file mode 100644 >> index 000000000000..40b6fe07f47b >> --- /dev/null >> +++ b/scripts/ipe/polgen/polgen.c 
>> @@ -0,0 +1,145 @@ > > ... > >> +static int write_boot_policy(const char *pathname, const char *buf, size_t size) >> +{ >> + int rc = 0; >> + FILE *fd; >> + size_t i; >> + >> + fd = fopen(pathname, "w"); >> + if (!fd) { >> + rc = errno; >> + goto err; >> + } >> + >> + fprintf(fd, "/* This file is automatically generated."); >> + fprintf(fd, " Do not edit. */\n"); >> + fprintf(fd, "#include \n"); >> + fprintf(fd, "\nextern const char *const ipe_boot_policy;\n\n"); >> + fprintf(fd, "const char *const ipe_boot_policy =\n"); >> + >> + if (!buf || size == 0) { >> + fprintf(fd, "\tNULL;\n"); >> + fclose(fd); >> + return 0; >> + } >> + >> + fprintf(fd, "\t\""); >> + >> + for (i = 0; i < size; ++i) { >> + switch (buf[i]) { >> + case '"': >> + fprintf(fd, "\\\""); >> + break; >> + case '\'': >> + fprintf(fd, "'"); >> + break; > > The revision of IPE proposed in this patchset doesn't support parsing > single or double quotes, yes? > Actually all characters can be used in the policy. The previous revision was removing the quote syntax, which supports having space in the policy name like policy_name="example policy". But that is not related to the boot policy generation code here. The code here is to generate a C source code that will be linked into IPE. Thus we have to escape these characters to conform with the C language string literal standard. -Fan >> + case '\n': >> + fprintf(fd, "\\n\"\n\t\""); >> + break; >> + case '\\': >> + fprintf(fd, "\\\\"); >> + break; >> + case '\t': >> + fprintf(fd, "\\t"); >> + break; >> + case '\?': >> + fprintf(fd, "\\?"); >> + break; > > Similar, are question marks supported by the parser? > >> + default: >> + fprintf(fd, "%c", buf[i]); >> + } >> + } >> + fprintf(fd, "\";\n"); >> + fclose(fd); >> + >> + return 0; >> + >> +err: >> + if (fd) >> + fclose(fd); >> + return rc; >> +} > > ... > >> diff --git a/security/ipe/.gitignore b/security/ipe/.gitignore >> new file mode 100644 >> index 000000000000..eca22ad5ed22 >> --- /dev/null 
>> +++ b/security/ipe/.gitignore >> @@ -0,0 +1 @@ >> +boot-policy.c >> \ No newline at end of file > > Add a newline please. > > -- > paul-moore.com
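
Review bot: write_boot_policy() in the polgen.c hunk never checks the result of any fprintf() call or of the final fclose(fd), so a short write (full disk, I/O error) still returns 0 and leaves a truncated boot-policy.c behind for the build to pick up. Because this file becomes the policy that is parsed at kernel startup, test ferror(fd) after the loop and the return value of fclose(), and return a failure code on both the NULL-policy path and the normal path. Two smaller points in the same function: the default branch emits every remaining byte raw with fprintf(fd, "%c", buf[i]), so control characters such as '\r' or a NUL byte land verbatim inside the generated string literal, and a three-digit octal escape for non-printable bytes would keep the output well-formed; and the err: label is only reached with fd == NULL, so its if (fd) fclose(fd) is dead code, while case '\'' prints exactly what the default branch would and can be dropped.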