From d726d8d719b6ac919cc4d5cae73831a2ffe36118 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Mon, 18 Mar 2013 14:48:02 -0400 Subject: integrity: move integrity_audit_msg() This patch moves the integrity_audit_msg() function and defintion to security/integrity/, the parent directory, renames the 'ima_audit' boot command line option to 'integrity_audit', and fixes the Kconfig help text to reflect the actual code. Changelog: - Fixed ifdef inclusion of integrity_audit_msg() (Fengguang Wu) Signed-off-by: Mimi Zohar --- security/integrity/Kconfig | 15 +++++++++ security/integrity/Makefile | 1 + security/integrity/ima/Kconfig | 12 ------- security/integrity/ima/Makefile | 1 - security/integrity/ima/ima.h | 14 -------- security/integrity/ima/ima_audit.c | 64 ------------------------------------ security/integrity/integrity.h | 14 ++++++++ security/integrity/integrity_audit.c | 64 ++++++++++++++++++++++++++++++++++++ 8 files changed, 94 insertions(+), 91 deletions(-) delete mode 100644 security/integrity/ima/ima_audit.c create mode 100644 security/integrity/integrity_audit.c (limited to 'security/integrity') diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig index 4bb3a775a996..245c6d92065b 100644 --- a/security/integrity/Kconfig +++ b/security/integrity/Kconfig @@ -17,6 +17,21 @@ config INTEGRITY_SIGNATURE This is useful for evm and module keyrings, when keys are usually only added from initramfs. +config INTEGRITY_AUDIT + bool "Enables integrity auditing support " + depends on INTEGRITY && AUDIT + default y + help + In addition to enabling integrity auditing support, this + option adds a kernel parameter 'integrity_audit', which + controls the level of integrity auditing messages. + 0 - basic integrity auditing messages (default) + 1 - additional integrity auditing messages + + Additional informational integrity auditing messages would + be enabled by specifying 'integrity_audit=1' on the kernel + command line. + config INTEGRITY_ASYMMETRIC_KEYS boolean "Enable asymmetric keys support" depends on INTEGRITY_SIGNATURE diff --git a/security/integrity/Makefile b/security/integrity/Makefile index ebb6409b3fcb..0f9cffb1f9ad 100644 --- a/security/integrity/Makefile +++ b/security/integrity/Makefile @@ -3,6 +3,7 @@ # obj-$(CONFIG_INTEGRITY) += integrity.o +obj-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index d232c73647ae..39196abaff0d 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -38,18 +38,6 @@ config IMA_MEASURE_PCR_IDX that IMA uses to maintain the integrity aggregate of the measurement list. If unsure, use the default 10. -config IMA_AUDIT - bool "Enables auditing support" - depends on IMA - depends on AUDIT - default y - help - This option adds a kernel parameter 'ima_audit', which - allows informational auditing messages to be enabled - at boot. If this option is selected, informational integrity - auditing messages can be enabled with 'ima_audit=1' on - the kernel command line. - config IMA_LSM_RULES bool depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK) diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile index 3f2ca6bdc384..56dfee7cbf61 100644 --- a/security/integrity/ima/Makefile +++ b/security/integrity/ima/Makefile @@ -7,5 +7,4 @@ obj-$(CONFIG_IMA) += ima.o ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ ima_policy.o -ima-$(CONFIG_IMA_AUDIT) += ima_audit.o ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index a41c9c18e5e0..b3dd616560f7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -62,20 +62,6 @@ struct ima_queue_entry { }; extern struct list_head ima_measurements; /* list of all measurements */ -#ifdef CONFIG_IMA_AUDIT -/* declarations */ -void integrity_audit_msg(int audit_msgno, struct inode *inode, - const unsigned char *fname, const char *op, - const char *cause, int result, int info); -#else -static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, - const unsigned char *fname, - const char *op, const char *cause, - int result, int info) -{ -} -#endif - /* Internal IMA function definitions */ int ima_init(void); void ima_cleanup(void); diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c deleted file mode 100644 index c586faae8fd6..000000000000 --- a/security/integrity/ima/ima_audit.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (C) 2008 IBM Corporation - * Author: Mimi Zohar - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, version 2 of the License. - * - * File: integrity_audit.c - * Audit calls for the integrity subsystem - */ - -#include -#include -#include -#include "ima.h" - -static int ima_audit; - -/* ima_audit_setup - enable informational auditing messages */ -static int __init ima_audit_setup(char *str) -{ - unsigned long audit; - - if (!strict_strtoul(str, 0, &audit)) - ima_audit = audit ? 1 : 0; - return 1; -} -__setup("ima_audit=", ima_audit_setup); - -void integrity_audit_msg(int audit_msgno, struct inode *inode, - const unsigned char *fname, const char *op, - const char *cause, int result, int audit_info) -{ - struct audit_buffer *ab; - - if (!ima_audit && audit_info == 1) /* Skip informational messages */ - return; - - ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno); - audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", - current->pid, - from_kuid(&init_user_ns, current_cred()->uid), - from_kuid(&init_user_ns, audit_get_loginuid(current)), - audit_get_sessionid(current)); - audit_log_task_context(ab); - audit_log_format(ab, " op="); - audit_log_string(ab, op); - audit_log_format(ab, " cause="); - audit_log_string(ab, cause); - audit_log_format(ab, " comm="); - audit_log_untrustedstring(ab, current->comm); - if (fname) { - audit_log_format(ab, " name="); - audit_log_untrustedstring(ab, fname); - } - if (inode) { - audit_log_format(ab, " dev="); - audit_log_untrustedstring(ab, inode->i_sb->s_id); - audit_log_format(ab, " ino=%lu", inode->i_ino); - } - audit_log_format(ab, " res=%d", !result); - audit_log_end(ab); -} diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 84c37c4db914..c42fb7a70dee 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -113,5 +113,19 @@ static inline int asymmetric_verify(struct key *keyring, const char *sig, } #endif +#ifdef CONFIG_INTEGRITY_AUDIT +/* declarations */ +void integrity_audit_msg(int audit_msgno, struct inode *inode, + const unsigned char *fname, const char *op, + const char *cause, int result, int info); +#else +static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, + const unsigned char *fname, + const char *op, const char *cause, + int result, int info) +{ +} +#endif + /* set during initialization */ extern int iint_initialized; diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c new file mode 100644 index 000000000000..d7efb30404aa --- /dev/null +++ b/security/integrity/integrity_audit.c @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2008 IBM Corporation + * Author: Mimi Zohar + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2 of the License. + * + * File: integrity_audit.c + * Audit calls for the integrity subsystem + */ + +#include +#include +#include +#include "integrity.h" + +static int integrity_audit_info; + +/* ima_audit_setup - enable informational auditing messages */ +static int __init integrity_audit_setup(char *str) +{ + unsigned long audit; + + if (!strict_strtoul(str, 0, &audit)) + integrity_audit_info = audit ? 1 : 0; + return 1; +} +__setup("integrity_audit=", integrity_audit_setup); + +void integrity_audit_msg(int audit_msgno, struct inode *inode, + const unsigned char *fname, const char *op, + const char *cause, int result, int audit_info) +{ + struct audit_buffer *ab; + + if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ + return; + + ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno); + audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", + current->pid, + from_kuid(&init_user_ns, current_cred()->uid), + from_kuid(&init_user_ns, audit_get_loginuid(current)), + audit_get_sessionid(current)); + audit_log_task_context(ab); + audit_log_format(ab, " op="); + audit_log_string(ab, op); + audit_log_format(ab, " cause="); + audit_log_string(ab, cause); + audit_log_format(ab, " comm="); + audit_log_untrustedstring(ab, current->comm); + if (fname) { + audit_log_format(ab, " name="); + audit_log_untrustedstring(ab, fname); + } + if (inode) { + audit_log_format(ab, " dev="); + audit_log_untrustedstring(ab, inode->i_sb->s_id); + audit_log_format(ab, " ino=%lu", inode->i_ino); + } + audit_log_format(ab, " res=%d", !result); + audit_log_end(ab); +} -- cgit v1.2.1 From 9b97b6cdd420cd62dae972eafaae7494a7670607 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Thu, 21 Feb 2013 09:31:22 -0500 Subject: evm: audit integrity metadata failures Before modifying an EVM protected extended attribute or any other metadata included in the HMAC calculation, the existing 'security.evm' is verified. This patch adds calls to integrity_audit_msg() to audit integrity metadata failures. Reported-by: Sven Vermeulen Signed-off-by: Mimi Zohar --- security/integrity/evm/evm_main.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'security/integrity') diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index cdbde1762189..df0fa451a871 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -24,6 +25,9 @@ int evm_initialized; +static char *integrity_status_msg[] = { + "pass", "fail", "no_label", "no_xattrs", "unknown" +}; char *evm_hmac = "hmac(sha1)"; char *evm_hash = "sha1"; int evm_hmac_version = CONFIG_EVM_HMAC_VERSION; @@ -262,9 +266,15 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, if ((evm_status == INTEGRITY_PASS) || (evm_status == INTEGRITY_NOXATTRS)) return 0; - return -EPERM; + goto out; } evm_status = evm_verify_current_integrity(dentry); +out: + if (evm_status != INTEGRITY_PASS) + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, + dentry->d_name.name, "appraise_metadata", + integrity_status_msg[evm_status], + -EPERM, 0); return evm_status == INTEGRITY_PASS ? 0 : -EPERM; } @@ -357,6 +367,9 @@ int evm_inode_setattr(struct dentry *dentry, struct iattr *attr) if ((evm_status == INTEGRITY_PASS) || (evm_status == INTEGRITY_NOXATTRS)) return 0; + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, + dentry->d_name.name, "appraise_metadata", + integrity_status_msg[evm_status], -EPERM, 0); return -EPERM; } -- cgit v1.2.1