From patchwork Wed Jun 22 13:35:04 2016
X-Patchwork-Submitter: Mimi Zohar
X-Patchwork-Id: 9192947
From: Mimi Zohar
To: linux-security-module, linux-ima-devel
Cc: Dave Young, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, Eric Biederman, Mimi Zohar
Subject: [PATCH 2/3] kexec: measure boot command line
Date: Wed, 22 Jun 2016 09:35:04 -0400
In-Reply-To: <1466602505-21915-1-git-send-email-zohar@linux.vnet.ibm.com>
References: <1466602505-21915-1-git-send-email-zohar@linux.vnet.ibm.com>
Message-Id: <1466602505-21915-3-git-send-email-zohar@linux.vnet.ibm.com>

This patch defines the buffer identifier "KEXEC_CMDLINE_CHECK" for measuring the boot command line.

e.g.: echo -n -e `cat /proc/cmdline | sed 's/^.*root=/root=/'` | sha256sum

Signed-off-by: Mimi Zohar
---
 Documentation/ABI/testing/ima_policy | 1 +
 include/linux/ima.h | 1 +
 kernel/kexec_file.c | 4 ++++
 security/integrity/ima/ima.h | 1 +
 security/integrity/ima/ima_buffer.c | 2 ++
 security/integrity/ima/ima_policy.c | 9 ++++++++-
 6 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy index bb0f9a1..5a99c6f 100644 --- a/Documentation/ABI/testing/ima_policy +++ b/Documentation/ABI/testing/ima_policy
@@ -28,6 +28,7 @@ Description: base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK] [FIRMWARE_CHECK] [KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK] + [KEXEC_CMDLINE_CHECK] mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND] [[^]MAY_EXEC] fsmagic:= hex value diff --git a/include/linux/ima.h b/include/linux/ima.h index 01319b3..88203f9 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -14,6 +14,7 @@ struct linux_binprm; enum ima_buffer_id { + MEASURING_KEXEC_CMDLINE, MEASURING_MAX_BUFFER_ID }; diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 503bc2d..acc8dad1 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -178,6 +179,9 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, ret = -EINVAL; goto out; } + + ima_buffer_check(image->cmdline_buf, cmdline_len - 1, + MEASURING_KEXEC_CMDLINE); } /* Call arch image load handlers */ diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index cc2e77b..5f21a9a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -150,6 +150,7 @@ enum ima_hooks { FIRMWARE_CHECK, KEXEC_KERNEL_CHECK, KEXEC_INITRAMFS_CHECK, + KEXEC_CMDLINE_CHECK, POLICY_CHECK, MAX_CHECK }; diff --git a/security/integrity/ima/ima_buffer.c b/security/integrity/ima/ima_buffer.c index 84c9494..e74131b 100644 --- a/security/integrity/ima/ima_buffer.c +++ b/security/integrity/ima/ima_buffer.c @@ -20,6 +20,8 @@ struct buffer_idmap { }; static struct buffer_idmap _idmap[MEASURING_MAX_BUFFER_ID] = { + [MEASURING_KEXEC_CMDLINE].func = KEXEC_CMDLINE_CHECK, + [MEASURING_KEXEC_CMDLINE].buf = "boot-cmdline", }; static void process_buffer_measurement(void *buf, loff_t size, diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 521d612..8e53f84 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c 
@@ -663,6 +663,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK") == 0) entry->func = KEXEC_INITRAMFS_CHECK; + else if (strcmp(args[0].from, "KEXEC_CMDLINE_CHECK") + == 0) + entry->func = KEXEC_CMDLINE_CHECK; else if (strcmp(args[0].from, "POLICY_CHECK") == 0) entry->func = POLICY_CHECK; else @@ -926,7 +929,7 @@ enum { func_file = 0, func_mmap, func_bprm, func_module, func_firmware, func_post, func_kexec_kernel, func_kexec_initramfs, - func_policy + func_kexec_cmdline, func_policy }; static char *func_tokens[] = { @@ -938,6 +941,7 @@ static char *func_tokens[] = { "POST_SETATTR", "KEXEC_KERNEL_CHECK", "KEXEC_INITRAMFS_CHECK", + "KEXEC_CMDLINE_CHECK", "POLICY_CHECK" }; @@ -1009,6 +1013,9 @@ static void policy_func_show(struct seq_file *m, enum ima_hooks func) case KEXEC_INITRAMFS_CHECK: seq_printf(m, pt(Opt_func), ft(func_kexec_initramfs)); break; + case KEXEC_CMDLINE_CHECK: + seq_printf(m, pt(Opt_func), ft(func_kexec_cmdline)); + break; case POLICY_CHECK: seq_printf(m, pt(Opt_func), ft(func_policy)); break;
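Review bot: in the kernel/kexec_file.c hunk, `ima_buffer_check(image->cmdline_buf, cmdline_len - 1, MEASURING_KEXEC_CMDLINE)` measures the command line as passed to kexec_file_load without its terminating NUL, so the verification recipe in the commit message must reproduce exactly those bytes; `echo -n -e` applied to an unquoted backtick expansion word-splits the string (collapsing repeated whitespace) and interprets backslash escapes, so its sha256sum can differ from the digest that lands in the measurement list. Suggest stating precisely which bytes are measured and using a form that does not alter them, e.g. `sed 's/^.*root=/root=/' /proc/cmdline | tr -d '\n' | sha256sum`. Please also confirm that the newly included `linux/ima.h` provides a no-op `ima_buffer_check()` when CONFIG_IMA is disabled, since this call site is built whenever CONFIG_KEXEC_FILE is set.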
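Review bot: the security/integrity/ima/ima_buffer.c hunk makes "boot-cmdline" the name under which this measurement appears, but nothing in the patch documents that name; the Documentation/ABI/testing/ima_policy hunk only adds the `KEXEC_CMDLINE_CHECK` func keyword. Suggest documenting the "boot-cmdline" entry name (and that the command line is measured without its terminating NUL) so that remote attestation verifiers can match the measurement list entry. As a style point, the usual kernel form is a single designated initializer, `[MEASURING_KEXEC_CMDLINE] = { .func = KEXEC_CMDLINE_CHECK, .buf = "boot-cmdline" },`, rather than initializing `.func` and `.buf` on separate lines.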
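Review bot: the ima_parse_rule hunk in security/integrity/ima/ima_policy.c makes `KEXEC_CMDLINE_CHECK` an accepted func, but the patch adds no rule to any built-in policy, so the boot command line is only measured once an administrator loads a policy containing a rule such as `measure func=KEXEC_CMDLINE_CHECK`; the commit message should say so, and should state which rule conditions (if any) are meaningful for a buffer that has no associated file or inode. The enum, func_tokens and policy_func_show hunks keep `func_kexec_cmdline` and "KEXEC_CMDLINE_CHECK" at matching positions before `func_policy`/"POLICY_CHECK", which the `ft()` lookup in policy_func_show depends on, so that part is consistent.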