ima: pass 'opened' flag to identify newly created files

Dmitry Kasatkin · Mimi Zohar · commit 3034a146820c · 2014-09-09T10:28:43.000-04:00
Empty files and missing xattrs do not guarantee that a file was
just created.  This patch passes FILE_CREATED flag to IMA to
reliably identify new files.

Signed-off-by: Dmitry Kasatkin &lt;d.kasatkin@samsung.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;  3.14+
diff --git a/fs/namei.c b/fs/namei.c
@@ -3058,7 +3058,7 @@ static int do_last(struct nameidata *nd, struct path *path,
 	error = open_check_o_direct(file);
 	if (error)
 		goto exit_fput;
-	error = ima_file_check(file, op->acc_mode);
+	error = ima_file_check(file, op->acc_mode, *opened);
 	if (error)
 		goto exit_fput;
 
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
@@ -709,7 +709,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type,
 		host_err = PTR_ERR(*filp);
 		*filp = NULL;
 	} else {
-		host_err = ima_file_check(*filp, may_flags);
+		host_err = ima_file_check(*filp, may_flags, 0);
 
 		if (may_flags & NFSD_MAY_64BIT_COOKIE)
 			(*filp)->f_mode |= FMODE_64BITHASH;
diff --git a/include/linux/ima.h b/include/linux/ima.h
@@ -15,7 +15,7 @@ struct linux_binprm;
 
 #ifdef CONFIG_IMA
 extern int ima_bprm_check(struct linux_binprm *bprm);
-extern int ima_file_check(struct file *file, int mask);
+extern int ima_file_check(struct file *file, int mask, int opened);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
 extern int ima_module_check(struct file *file);
@@ -27,7 +27,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
 	return 0;
 }
 
-static inline int ima_file_check(struct file *file, int mask)
+static inline int ima_file_check(struct file *file, int mask, int opened)
 {
 	return 0;
 }
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
@@ -177,7 +177,7 @@ void ima_delete_rules(void);
 int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
 			     struct file *file, const unsigned char *filename,
 			     struct evm_ima_xattr_data *xattr_value,
-			     int xattr_len);
+			     int xattr_len, int opened);
 int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
@@ -193,7 +193,7 @@ static inline int ima_appraise_measurement(int func,
 					   struct file *file,
 					   const unsigned char *filename,
 					   struct evm_ima_xattr_data *xattr_value,
-					   int xattr_len)
+					   int xattr_len, int opened)
 {
 	return INTEGRITY_UNKNOWN;
 }
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
@@ -183,7 +183,7 @@ int ima_read_xattr(struct dentry *dentry,
 int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
 			     struct file *file, const unsigned char *filename,
 			     struct evm_ima_xattr_data *xattr_value,
-			     int xattr_len)
+			     int xattr_len, int opened)
 {
 	static const char op[] = "appraise_data";
 	char *cause = "unknown";
@@ -203,7 +203,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
 
 		cause = "missing-hash";
 		status = INTEGRITY_NOLABEL;
-		if (inode->i_size == 0) {
+		if (opened & FILE_CREATED) {
 			iint->flags |= IMA_NEW_FILE;
 			status = INTEGRITY_PASS;
 		}
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
@@ -157,7 +157,7 @@ void ima_file_free(struct file *file)
 }
 
 static int process_measurement(struct file *file, const char *filename,
-			       int mask, int function)
+			       int mask, int function, int opened)
 {
 	struct inode *inode = file_inode(file);
 	struct integrity_iint_cache *iint;
@@ -226,7 +226,7 @@ static int process_measurement(struct file *file, const char *filename,
 				      xattr_value, xattr_len);
 	if (action & IMA_APPRAISE_SUBMASK)
 		rc = ima_appraise_measurement(_func, iint, file, pathname,
-					      xattr_value, xattr_len);
+					      xattr_value, xattr_len, opened);
 	if (action & IMA_AUDIT)
 		ima_audit_measurement(iint, pathname);
 	kfree(pathbuf);
@@ -255,7 +255,7 @@ static int process_measurement(struct file *file, const char *filename,
 int ima_file_mmap(struct file *file, unsigned long prot)
 {
 	if (file && (prot & PROT_EXEC))
-		return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK);
+		return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK, 0);
 	return 0;
 }
 
@@ -277,7 +277,7 @@ int ima_bprm_check(struct linux_binprm *bprm)
 	return process_measurement(bprm->file,
 				   (strcmp(bprm->filename, bprm->interp) == 0) ?
 				   bprm->filename : bprm->interp,
-				   MAY_EXEC, BPRM_CHECK);
+				   MAY_EXEC, BPRM_CHECK, 0);
 }
 
 /**
@@ -290,12 +290,12 @@ int ima_bprm_check(struct linux_binprm *bprm)
  * On success return 0.  On integrity appraisal error, assuming the file
  * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
  */
-int ima_file_check(struct file *file, int mask)
+int ima_file_check(struct file *file, int mask, int opened)
 {
 	ima_rdwr_violation_check(file);
 	return process_measurement(file, NULL,
 				   mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
-				   FILE_CHECK);
+				   FILE_CHECK, opened);
 }
 EXPORT_SYMBOL_GPL(ima_file_check);
 
@@ -318,7 +318,7 @@ int ima_module_check(struct file *file)
 #endif
 		return 0;	/* We rely on module signature checking */
 	}
-	return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK);
+	return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK, 0);
 }
 
 int ima_fw_from_file(struct file *file, char *buf, size_t size)
@@ -329,7 +329,7 @@ int ima_fw_from_file(struct file *file, char *buf, size_t size)
 			return -EACCES;	/* INTEGRITY_UNKNOWN */
 		return 0;
 	}
-	return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK);
+	return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK, 0);
 }
 
 static int __init init_ima(void)

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ struct linux_binprm;`
`15`	`15`
`16`	`16`	`#ifdef CONFIG_IMA`
`17`	`17`	`extern int ima_bprm_check(struct linux_binprm *bprm);`
`18`		`-extern int ima_file_check(struct file *file, int mask);`
	`18`	`+extern int ima_file_check(struct file *file, int mask, int opened);`
`19`	`19`	`extern void ima_file_free(struct file *file);`
`20`	`20`	`extern int ima_file_mmap(struct file *file, unsigned long prot);`
`21`	`21`	`extern int ima_module_check(struct file *file);`
`@@ -27,7 +27,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)`
`27`	`27`	`return 0;`
`28`	`28`	`}`
`29`	`29`
`30`		`-static inline int ima_file_check(struct file *file, int mask)`
	`30`	`+static inline int ima_file_check(struct file *file, int mask, int opened)`
`31`	`31`	`{`
`32`	`32`	`return 0;`
`33`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -157,7 +157,7 @@ void ima_file_free(struct file *file)`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`static int process_measurement(struct file file, const char filename,`
`160`		`- int mask, int function)`
	`160`	`+ int mask, int function, int opened)`
`161`	`161`	`{`
`162`	`162`	`struct inode *inode = file_inode(file);`
`163`	`163`	`struct integrity_iint_cache *iint;`
`@@ -226,7 +226,7 @@ static int process_measurement(struct file file, const char filename,`
`226`	`226`	`xattr_value, xattr_len);`
`227`	`227`	`if (action & IMA_APPRAISE_SUBMASK)`
`228`	`228`	`rc = ima_appraise_measurement(_func, iint, file, pathname,`
`229`		`- xattr_value, xattr_len);`
	`229`	`+ xattr_value, xattr_len, opened);`
`230`	`230`	`if (action & IMA_AUDIT)`
`231`	`231`	`ima_audit_measurement(iint, pathname);`
`232`	`232`	`kfree(pathbuf);`
`@@ -255,7 +255,7 @@ static int process_measurement(struct file file, const char filename,`
`255`	`255`	`int ima_file_mmap(struct file *file, unsigned long prot)`
`256`	`256`	`{`
`257`	`257`	`if (file && (prot & PROT_EXEC))`
`258`		`- return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK);`
	`258`	`+ return process_measurement(file, NULL, MAY_EXEC, MMAP_CHECK, 0);`
`259`	`259`	`return 0;`
`260`	`260`	`}`
`261`	`261`
`@@ -277,7 +277,7 @@ int ima_bprm_check(struct linux_binprm *bprm)`
`277`	`277`	`return process_measurement(bprm->file,`
`278`	`278`	`(strcmp(bprm->filename, bprm->interp) == 0) ?`
`279`	`279`	`bprm->filename : bprm->interp,`
`280`		`- MAY_EXEC, BPRM_CHECK);`
	`280`	`+ MAY_EXEC, BPRM_CHECK, 0);`
`281`	`281`	`}`
`282`	`282`
`283`	`283`	`/**`
`@@ -290,12 +290,12 @@ int ima_bprm_check(struct linux_binprm *bprm)`
`290`	`290`	`* On success return 0. On integrity appraisal error, assuming the file`
`291`	`291`	`* is in policy and IMA-appraisal is in enforcing mode, return -EACCES.`
`292`	`292`	`*/`
`293`		`-int ima_file_check(struct file *file, int mask)`
	`293`	`+int ima_file_check(struct file *file, int mask, int opened)`
`294`	`294`	`{`
`295`	`295`	`ima_rdwr_violation_check(file);`
`296`	`296`	`return process_measurement(file, NULL,`
`297`	`297`	`mask & (MAY_READ \| MAY_WRITE \| MAY_EXEC),`
`298`		`- FILE_CHECK);`
	`298`	`+ FILE_CHECK, opened);`
`299`	`299`	`}`
`300`	`300`	`EXPORT_SYMBOL_GPL(ima_file_check);`
`301`	`301`
`@@ -318,7 +318,7 @@ int ima_module_check(struct file *file)`
`318`	`318`	`#endif`
`319`	`319`	`return 0; /* We rely on module signature checking */`
`320`	`320`	`}`
`321`		`- return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK);`
	`321`	`+ return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK, 0);`
`322`	`322`	`}`
`323`	`323`
`324`	`324`	`int ima_fw_from_file(struct file file, char buf, size_t size)`
`@@ -329,7 +329,7 @@ int ima_fw_from_file(struct file file, char buf, size_t size)`
`329`	`329`	`return -EACCES; /* INTEGRITY_UNKNOWN */`
`330`	`330`	`return 0;`
`331`	`331`	`}`
`332`		`- return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK);`
	`332`	`+ return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK, 0);`
`333`	`333`	`}`
`334`	`334`
`335`	`335`	`static int __init init_ima(void)`