From patchwork Thu Aug 10 23:41:47 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mimi Zohar X-Patchwork-Id: 9894749 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8B72F60384 for ; Thu, 10 Aug 2017 23:42:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7EB6328BB9 for ; Thu, 10 Aug 2017 23:42:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 737F328BBB; Thu, 10 Aug 2017 23:42:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 17CE728BB9 for ; Thu, 10 Aug 2017 23:42:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752221AbdHJXmh (ORCPT ); Thu, 10 Aug 2017 19:42:37 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:35712 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752172AbdHJXmU (ORCPT ); Thu, 10 Aug 2017 19:42:20 -0400 Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v7ANdSEe017030 for ; Thu, 10 Aug 2017 19:42:20 -0400 Received: from e23smtp01.au.ibm.com (e23smtp01.au.ibm.com [202.81.31.143]) by mx0a-001b2d01.pphosted.com with ESMTP id 2c903ck0cc-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 10 Aug 2017 19:42:19 -0400 Received: from localhost by e23smtp01.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 11 Aug 2017 09:42:17 +1000 Received: from d23relay06.au.ibm.com (202.81.31.225) by e23smtp01.au.ibm.com (202.81.31.207) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Fri, 11 Aug 2017 09:42:15 +1000 Received: from d23av02.au.ibm.com (d23av02.au.ibm.com [9.190.235.138]) by d23relay06.au.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v7ANgF6j23134364; Fri, 11 Aug 2017 09:42:15 +1000 Received: from d23av02.au.ibm.com (localhost [127.0.0.1]) by d23av02.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id v7ANg5dM020343; Fri, 11 Aug 2017 09:42:06 +1000 Received: from dhcp-9-2-55-123.watson.ibm.com (dhcp-9-2-55-123.watson.ibm.com [9.2.55.123]) by d23av02.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id v7ANfiIT019962; Fri, 11 Aug 2017 09:42:03 +1000 From: Mimi Zohar To: Christoph Hellwig , Al Viro Cc: Mimi Zohar , James Morris , linux-fsdevel@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org Subject: [PATCH v5 4/4] ima: define "fs_unsafe" builtin policy Date: Thu, 10 Aug 2017 19:41:47 -0400 X-Mailer: git-send-email 2.7.4 In-Reply-To: <1502408507-4257-1-git-send-email-zohar@linux.vnet.ibm.com> References: <1502408507-4257-1-git-send-email-zohar@linux.vnet.ibm.com> X-TM-AS-MML: disable x-cbid: 17081023-1617-0000-0000-000001FA8817 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17081023-1618-0000-0000-000048459374 Message-Id: <1502408507-4257-5-git-send-email-zohar@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-08-10_11:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=3 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1708100370 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Permit normally denied access/execute permission for files in policy on IMA unsupported filesystems. This patch defines "fs_unsafe", a builtin policy. Signed-off-by: Mimi Zohar --- Changelog v3: - include dont_failsafe rule when displaying policy Documentation/admin-guide/kernel-parameters.txt | 8 +++++++- security/integrity/ima/ima_policy.c | 12 ++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index d9c171ce4190..4e303be83df6 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -1502,7 +1502,7 @@ ima_policy= [IMA] The builtin policies to load during IMA setup. - Format: "tcb | appraise_tcb | secure_boot" + Format: "tcb | appraise_tcb | secure_boot | fs_unsafe" The "tcb" policy measures all programs exec'd, files mmap'd for exec, and all files opened with the read @@ -1517,6 +1517,12 @@ of files (eg. kexec kernel image, kernel modules, firmware, policy, etc) based on file signatures. + The "fs_unsafe" policy permits normally denied + access/execute permission for files in policy on IMA + unsupported filesystems. Note this option, as the + name implies, is not safe and not recommended for + any environments other than testing. + ima_tcb [IMA] Deprecated. Use ima_policy= instead. Load a policy which meets the needs of the Trusted Computing Base. This means IMA will measure all diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 43b85a4fb8e8..cddd9dfb01e1 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -169,6 +169,10 @@ static struct ima_rule_entry secure_boot_rules[] __ro_after_init = { .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, }; +static struct ima_rule_entry dont_failsafe_rules[] __ro_after_init = { + {.action = DONT_FAILSAFE} +}; + static LIST_HEAD(ima_default_rules); static LIST_HEAD(ima_policy_rules); static LIST_HEAD(ima_temp_rules); @@ -188,6 +192,7 @@ __setup("ima_tcb", default_measure_policy_setup); static bool ima_use_appraise_tcb __initdata; static bool ima_use_secure_boot __initdata; +static bool ima_use_dont_failsafe __initdata; static int __init policy_setup(char *str) { char *p; @@ -201,6 +206,10 @@ static int __init policy_setup(char *str) ima_use_appraise_tcb = 1; else if (strcmp(p, "secure_boot") == 0) ima_use_secure_boot = 1; + else if (strcmp(p, "fs_unsafe") == 0) { + ima_use_dont_failsafe = 1; + set_failsafe(0); + } } return 1; @@ -470,6 +479,9 @@ void __init ima_init_policy(void) temp_ima_appraise |= IMA_APPRAISE_POLICY; } + if (ima_use_dont_failsafe) + list_add_tail(&dont_failsafe_rules[0].list, &ima_default_rules); + ima_rules = &ima_default_rules; ima_update_policy_flag(); }