1 /* 2 * Copyright (C) 2010 IBM Corporation 3 * 4 * Authors: 5 * Mimi Zohar <zohar@us.ibm.com> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation, version 2 of the License. 10 * 11 * File: evm_secfs.c 12 * - Used to signal when key is on keyring 13 * - Get the key and enable EVM 14 */ 15 16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 17 18 #include <linux/audit.h> 19 #include <linux/uaccess.h> 20 #include <linux/module.h> 21 #include <linux/mutex.h> 22 #include "evm.h" 23 24 static struct dentry *evm_dir; 25 static struct dentry *evm_init_tpm; 26 static struct dentry *evm_symlink; 27 28 #ifdef CONFIG_EVM_ADD_XATTRS 29 static struct dentry *evm_xattrs; 30 static DEFINE_MUTEX(xattr_list_mutex); 31 static int evm_xattrs_locked; 32 #endif 33 34 /** 35 * evm_read_key - read() for <securityfs>/evm 36 * 37 * @filp: file pointer, not actually used 38 * @buf: where to put the result 39 * @count: maximum to send along 40 * @ppos: where to start 41 * 42 * Returns number of bytes read or error code, as appropriate 43 */ 44 static ssize_t evm_read_key(struct file *filp, char __user *buf, 45 size_t count, loff_t *ppos) 46 { 47 char temp[80]; 48 ssize_t rc; 49 50 if (*ppos != 0) 51 return 0; 52 53 sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE)); 54 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 55 56 return rc; 57 } 58 59 /** 60 * evm_write_key - write() for <securityfs>/evm 61 * @file: file pointer, not actually used 62 * @buf: where to get the data from 63 * @count: bytes sent 64 * @ppos: where to start 65 * 66 * Used to signal that key is on the kernel key ring. 67 * - get the integrity hmac key from the kernel key ring 68 * - create list of hmac protected extended attributes 69 * Returns number of bytes written or error code, as appropriate 70 */ 71 static ssize_t evm_write_key(struct file *file, const char __user *buf, 72 size_t count, loff_t *ppos) 73 { 74 int i, ret; 75 76 if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE)) 77 return -EPERM; 78 79 ret = kstrtoint_from_user(buf, count, 0, &i); 80 81 if (ret) 82 return ret; 83 84 /* Reject invalid values */ 85 if (!i || (i & ~EVM_INIT_MASK) != 0) 86 return -EINVAL; 87 88 /* Don't allow a request to freshly enable metadata writes if 89 * keys are loaded. 90 */ 91 if ((i & EVM_ALLOW_METADATA_WRITES) && 92 ((evm_initialized & EVM_KEY_MASK) != 0) && 93 !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) 94 return -EPERM; 95 96 if (i & EVM_INIT_HMAC) { 97 ret = evm_init_key(); 98 if (ret != 0) 99 return ret; 100 /* Forbid further writes after the symmetric key is loaded */ 101 i |= EVM_SETUP_COMPLETE; 102 } 103 104 evm_initialized |= i; 105 106 /* Don't allow protected metadata modification if a symmetric key 107 * is loaded 108 */ 109 if (evm_initialized & EVM_INIT_HMAC) 110 evm_initialized &= ~(EVM_ALLOW_METADATA_WRITES); 111 112 return count; 113 } 114 115 static const struct file_operations evm_key_ops = { 116 .read = evm_read_key, 117 .write = evm_write_key, 118 }; 119 120 #ifdef CONFIG_EVM_ADD_XATTRS 121 /** 122 * evm_read_xattrs - read() for <securityfs>/evm_xattrs 123 * 124 * @filp: file pointer, not actually used 125 * @buf: where to put the result 126 * @count: maximum to send along 127 * @ppos: where to start 128 * 129 * Returns number of bytes read or error code, as appropriate 130 */ 131 static ssize_t evm_read_xattrs(struct file *filp, char __user *buf, 132 size_t count, loff_t *ppos) 133 { 134 char *temp; 135 int offset = 0; 136 ssize_t rc, size = 0; 137 struct xattr_list *xattr; 138 139 if (*ppos != 0) 140 return 0; 141 142 rc = mutex_lock_interruptible(&xattr_list_mutex); 143 if (rc) 144 return -ERESTARTSYS; 145 146 list_for_each_entry(xattr, &evm_config_xattrnames, list) 147 size += strlen(xattr->name) + 1; 148 149 temp = kmalloc(size + 1, GFP_KERNEL); 150 if (!temp) 151 return -ENOMEM; 152 153 list_for_each_entry(xattr, &evm_config_xattrnames, list) { 154 sprintf(temp + offset, "%s\n", xattr->name); 155 offset += strlen(xattr->name) + 1; 156 } 157 158 mutex_unlock(&xattr_list_mutex); 159 rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); 160 161 kfree(temp); 162 163 return rc; 164 } 165 166 /** 167 * evm_write_xattrs - write() for <securityfs>/evm_xattrs 168 * @file: file pointer, not actually used 169 * @buf: where to get the data from 170 * @count: bytes sent 171 * @ppos: where to start 172 * 173 * Returns number of bytes written or error code, as appropriate 174 */ 175 static ssize_t evm_write_xattrs(struct file *file, const char __user *buf, 176 size_t count, loff_t *ppos) 177 { 178 int len, err; 179 struct xattr_list *xattr, *tmp; 180 struct audit_buffer *ab; 181 struct iattr newattrs; 182 struct inode *inode; 183 184 if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked) 185 return -EPERM; 186 187 if (*ppos != 0) 188 return -EINVAL; 189 190 if (count > XATTR_NAME_MAX) 191 return -E2BIG; 192 193 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_EVM_XATTR); 194 if (IS_ERR(ab)) 195 return PTR_ERR(ab); 196 197 xattr = kmalloc(sizeof(struct xattr_list), GFP_KERNEL); 198 if (!xattr) { 199 err = -ENOMEM; 200 goto out; 201 } 202 203 xattr->name = memdup_user_nul(buf, count); 204 if (IS_ERR(xattr->name)) { 205 err = PTR_ERR(xattr->name); 206 xattr->name = NULL; 207 goto out; 208 } 209 210 /* Remove any trailing newline */ 211 len = strlen(xattr->name); 212 if (len && xattr->name[len-1] == '\n') 213 xattr->name[len-1] = '\0'; 214 215 if (strcmp(xattr->name, ".") == 0) { 216 evm_xattrs_locked = 1; 217 newattrs.ia_mode = S_IFREG | 0440; 218 newattrs.ia_valid = ATTR_MODE; 219 inode = evm_xattrs->d_inode; 220 inode_lock(inode); 221 err = simple_setattr(evm_xattrs, &newattrs); 222 inode_unlock(inode); 223 audit_log_format(ab, "locked"); 224 if (!err) 225 err = count; 226 goto out; 227 } 228 229 audit_log_format(ab, "xattr="); 230 audit_log_untrustedstring(ab, xattr->name); 231 232 if (strncmp(xattr->name, XATTR_SECURITY_PREFIX, 233 XATTR_SECURITY_PREFIX_LEN) != 0) { 234 err = -EINVAL; 235 goto out; 236 } 237 238 /* Guard against races in evm_read_xattrs */ 239 mutex_lock(&xattr_list_mutex); 240 list_for_each_entry(tmp, &evm_config_xattrnames, list) { 241 if (strcmp(xattr->name, tmp->name) == 0) { 242 err = -EEXIST; 243 mutex_unlock(&xattr_list_mutex); 244 goto out; 245 } 246 } 247 list_add_tail_rcu(&xattr->list, &evm_config_xattrnames); 248 mutex_unlock(&xattr_list_mutex); 249 250 audit_log_format(ab, " res=0"); 251 audit_log_end(ab); 252 return count; 253 out: 254 audit_log_format(ab, " res=%d", err); 255 audit_log_end(ab); 256 if (xattr) { 257 kfree(xattr->name); 258 kfree(xattr); 259 } 260 return err; 261 } 262 263 static const struct file_operations evm_xattr_ops = { 264 .read = evm_read_xattrs, 265 .write = evm_write_xattrs, 266 }; 267 268 static int evm_init_xattrs(void) 269 { 270 evm_xattrs = securityfs_create_file("evm_xattrs", 0660, evm_dir, NULL, 271 &evm_xattr_ops); 272 if (!evm_xattrs || IS_ERR(evm_xattrs)) 273 return -EFAULT; 274 275 return 0; 276 } 277 #else 278 static int evm_init_xattrs(void) 279 { 280 return 0; 281 } 282 #endif 283 284 int __init evm_init_secfs(void) 285 { 286 int error = 0; 287 288 evm_dir = securityfs_create_dir("evm", integrity_dir); 289 if (!evm_dir || IS_ERR(evm_dir)) 290 return -EFAULT; 291 292 evm_init_tpm = securityfs_create_file("evm", 0660, 293 evm_dir, NULL, &evm_key_ops); 294 if (!evm_init_tpm || IS_ERR(evm_init_tpm)) { 295 error = -EFAULT; 296 goto out; 297 } 298 299 evm_symlink = securityfs_create_symlink("evm", NULL, 300 "integrity/evm/evm", NULL); 301 if (!evm_symlink || IS_ERR(evm_symlink)) { 302 error = -EFAULT; 303 goto out; 304 } 305 306 if (evm_init_xattrs() != 0) { 307 error = -EFAULT; 308 goto out; 309 } 310 311 return 0; 312 out: 313 securityfs_remove(evm_symlink); 314 securityfs_remove(evm_init_tpm); 315 securityfs_remove(evm_dir); 316 return error; 317 } 318