From patchwork Wed Sep 27 22:16:50 2017
X-Patchwork-Submitter: Matthew Garrett
X-Patchwork-Id: 9974983
Date: Wed, 27 Sep 2017 15:16:50 -0700
In-Reply-To: <20170927221653.11219-1-mjg59@google.com>
Message-Id: <20170927221653.11219-4-mjg59@google.com>
References: <20170927221653.11219-1-mjg59@google.com>
Subject: [PATCH 3/6] EVM: Allow userland to override the default EVM attributes
From: Matthew Garrett To: linux-integrity@vger.kernel.org Cc: zohar@linux.vnet.ibm.com, Matthew Garrett Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Local policy may wish to provide a different set of metadata to measure when compared to the kernel defaults. Allow this to be overridden before the EVM key is initialised, giving userland an opportunity to define it but locking it down after EVM is enabled. Signed-off-by: Matthew Garrett --- security/integrity/evm/evm_secfs.c | 74 +++++++++++++++++++++++++++++++++++--- 1 file changed, 70 insertions(+), 4 deletions(-) diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index c8dccd54d501..b6678f01ec39 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -20,6 +20,7 @@ #include "evm.h" static struct dentry *evm_init_tpm; +static struct dentry *evm_init_flags; /** * evm_read_key - read() for /evm 
@@ -88,13 +89,78 @@ static const struct file_operations evm_key_ops = { .write = evm_write_key, }; -int __init evm_init_secfs(void) +/** + * evm_read_flags - read() for /evm_flags + * + * @filp: file pointer, not actually used + * @buf: where to put the result + * @count: maximum to send along + * @ppos: where to start + * + * Returns number of bytes read or error code, as appropriate + */ +static ssize_t evm_read_flags(struct file *filp, char __user *buf, + size_t count, loff_t *ppos) { - int error = 0; + char temp[19]; + ssize_t rc; + + if (*ppos != 0) + return 0; + + sprintf(temp, "0x%llx", evm_default_flags); + rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); + + return rc; +} +/** + * evm_write_flags - write() for /evm_flags + * @file: file pointer, not actually used + * @buf: where to get the data from + * @count: bytes sent + * @ppos: where to start + * + * - sets the components that will be measured in the EVM hash + * Returns number of bytes written or error code, as appropriate + */ +static ssize_t evm_write_flags(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) +{ + int err; + + if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_INIT_HMAC)) + return -EPERM; + + if (evm_initialized & EVM_INIT_HMAC) + return -EINVAL; + + err = kstrtoull_from_user(buf, count, 0, &evm_default_flags); + if (err) + return err; + + return count; +} + +static const struct file_operations evm_flags_ops = { + .read = evm_read_flags, + .write = evm_write_flags, +}; + +int __init evm_init_secfs(void) +{ evm_init_tpm = securityfs_create_file("evm", S_IRUSR | S_IRGRP, NULL, NULL, &evm_key_ops); if (!evm_init_tpm || IS_ERR(evm_init_tpm)) - error = -EFAULT; - return error; + return -EFAULT; + + evm_init_flags = securityfs_create_file("evm_flags", S_IRUSR | S_IRGRP, + NULL, NULL, &evm_flags_ops); + + if (!evm_init_flags || IS_ERR(evm_init_flags)) { + securityfs_remove(evm_init_tpm); + return -EFAULT; + } + + return 0; }
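Review bot: In evm_write_flags the second test, "if (evm_initialized & EVM_INIT_HMAC) return -EINVAL;", is unreachable, because the preceding condition already returns -EPERM whenever EVM_INIT_HMAC is set. Either drop it or split the first condition so that a missing CAP_SYS_ADMIN and an already-initialised EVM return distinct errors. In the same function, kstrtoull_from_user() parses straight into evm_default_flags, so any 64-bit value is accepted, including bits that select no known attribute. Parsing into a local variable and rejecting unknown bits before assigning would keep the global limited to values EVM can act on. In evm_init_secfs, evm_flags is created with S_IRUSR | S_IRGRP although it has a .write handler; adding S_IWUSR would make the mode match the intended use. In evm_read_flags, temp[19] holds "0x" plus 16 hex digits and the terminator with no slack, so scnprintf(temp, sizeof(temp), ...) would be more robust than sprintf. Finally, the diffstat shows only evm_secfs.c changed, so the new userspace interface has no Documentation/ABI entry describing the file and the meaning of the flag bits.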