~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/integrity/ima/ima_policy.c

Version: ~ [ linux-4.18 ] ~ [ linux-4.17.14 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.62 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.119 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.147 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.118 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.57 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.27.62 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~ [ linux-next-20180810 ] ~ [ linux-next-20180813 ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright (C) 2008 IBM Corporation
  3  * Author: Mimi Zohar <zohar@us.ibm.com>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License as published by
  7  * the Free Software Foundation, version 2 of the License.
  8  *
  9  * ima_policy.c
 10  *      - initialize default measure policy rules
 11  *
 12  */
 13 #include <linux/module.h>
 14 #include <linux/list.h>
 15 #include <linux/fs.h>
 16 #include <linux/security.h>
 17 #include <linux/magic.h>
 18 #include <linux/parser.h>
 19 #include <linux/slab.h>
 20 #include <linux/rculist.h>
 21 #include <linux/genhd.h>
 22 #include <linux/seq_file.h>
 23 
 24 #include "ima.h"
 25 
 26 /* flags definitions */
 27 #define IMA_FUNC        0x0001
 28 #define IMA_MASK        0x0002
 29 #define IMA_FSMAGIC     0x0004
 30 #define IMA_UID         0x0008
 31 #define IMA_FOWNER      0x0010
 32 #define IMA_FSUUID      0x0020
 33 #define IMA_INMASK      0x0040
 34 #define IMA_EUID        0x0080
 35 #define IMA_PCR         0x0100
 36 #define IMA_FSNAME      0x0200
 37 
 38 #define UNKNOWN         0
 39 #define MEASURE         0x0001  /* same as IMA_MEASURE */
 40 #define DONT_MEASURE    0x0002
 41 #define APPRAISE        0x0004  /* same as IMA_APPRAISE */
 42 #define DONT_APPRAISE   0x0008
 43 #define AUDIT           0x0040
 44 #define HASH            0x0100
 45 #define DONT_HASH       0x0200
 46 
 47 #define INVALID_PCR(a) (((a) < 0) || \
 48         (a) >= (FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8))
 49 
 50 int ima_policy_flag;
 51 static int temp_ima_appraise;
 52 
 53 #define MAX_LSM_RULES 6
 54 enum lsm_rule_types { LSM_OBJ_USER, LSM_OBJ_ROLE, LSM_OBJ_TYPE,
 55         LSM_SUBJ_USER, LSM_SUBJ_ROLE, LSM_SUBJ_TYPE
 56 };
 57 
 58 enum policy_types { ORIGINAL_TCB = 1, DEFAULT_TCB };
 59 
 60 struct ima_rule_entry {
 61         struct list_head list;
 62         int action;
 63         unsigned int flags;
 64         enum ima_hooks func;
 65         int mask;
 66         unsigned long fsmagic;
 67         uuid_t fsuuid;
 68         kuid_t uid;
 69         kuid_t fowner;
 70         bool (*uid_op)(kuid_t, kuid_t);    /* Handlers for operators       */
 71         bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */
 72         int pcr;
 73         struct {
 74                 void *rule;     /* LSM file metadata specific */
 75                 void *args_p;   /* audit value */
 76                 int type;       /* audit type */
 77         } lsm[MAX_LSM_RULES];
 78         char *fsname;
 79 };
 80 
 81 /*
 82  * Without LSM specific knowledge, the default policy can only be
 83  * written in terms of .action, .func, .mask, .fsmagic, .uid, and .fowner
 84  */
 85 
 86 /*
 87  * The minimum rule set to allow for full TCB coverage.  Measures all files
 88  * opened or mmap for exec and everything read by root.  Dangerous because
 89  * normal users can easily run the machine out of memory simply building
 90  * and running executables.
 91  */
 92 static struct ima_rule_entry dont_measure_rules[] __ro_after_init = {
 93         {.action = DONT_MEASURE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 94         {.action = DONT_MEASURE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
 95         {.action = DONT_MEASURE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
 96         {.action = DONT_MEASURE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
 97         {.action = DONT_MEASURE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
 98         {.action = DONT_MEASURE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
 99         {.action = DONT_MEASURE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
100         {.action = DONT_MEASURE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
101         {.action = DONT_MEASURE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
102         {.action = DONT_MEASURE, .fsmagic = CGROUP_SUPER_MAGIC,
103          .flags = IMA_FSMAGIC},
104         {.action = DONT_MEASURE, .fsmagic = CGROUP2_SUPER_MAGIC,
105          .flags = IMA_FSMAGIC},
106         {.action = DONT_MEASURE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}
107 };
108 
109 static struct ima_rule_entry original_measurement_rules[] __ro_after_init = {
110         {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
111          .flags = IMA_FUNC | IMA_MASK},
112         {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
113          .flags = IMA_FUNC | IMA_MASK},
114         {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
115          .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
116          .flags = IMA_FUNC | IMA_MASK | IMA_UID},
117         {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
118         {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
119 };
120 
121 static struct ima_rule_entry default_measurement_rules[] __ro_after_init = {
122         {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
123          .flags = IMA_FUNC | IMA_MASK},
124         {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
125          .flags = IMA_FUNC | IMA_MASK},
126         {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
127          .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
128          .flags = IMA_FUNC | IMA_INMASK | IMA_EUID},
129         {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ,
130          .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq,
131          .flags = IMA_FUNC | IMA_INMASK | IMA_UID},
132         {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC},
133         {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC},
134         {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC},
135 };
136 
137 static struct ima_rule_entry default_appraise_rules[] __ro_after_init = {
138         {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC},
139         {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC},
140         {.action = DONT_APPRAISE, .fsmagic = DEBUGFS_MAGIC, .flags = IMA_FSMAGIC},
141         {.action = DONT_APPRAISE, .fsmagic = TMPFS_MAGIC, .flags = IMA_FSMAGIC},
142         {.action = DONT_APPRAISE, .fsmagic = RAMFS_MAGIC, .flags = IMA_FSMAGIC},
143         {.action = DONT_APPRAISE, .fsmagic = DEVPTS_SUPER_MAGIC, .flags = IMA_FSMAGIC},
144         {.action = DONT_APPRAISE, .fsmagic = BINFMTFS_MAGIC, .flags = IMA_FSMAGIC},
145         {.action = DONT_APPRAISE, .fsmagic = SECURITYFS_MAGIC, .flags = IMA_FSMAGIC},
146         {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC},
147         {.action = DONT_APPRAISE, .fsmagic = SMACK_MAGIC, .flags = IMA_FSMAGIC},
148         {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC},
149         {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC},
150         {.action = DONT_APPRAISE, .fsmagic = CGROUP2_SUPER_MAGIC, .flags = IMA_FSMAGIC},
151 #ifdef CONFIG_IMA_WRITE_POLICY
152         {.action = APPRAISE, .func = POLICY_CHECK,
153         .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
154 #endif
155 #ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT
156         {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
157          .flags = IMA_FOWNER},
158 #else
159         /* force signature */
160         {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq,
161          .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED},
162 #endif
163 };
164 
165 static struct ima_rule_entry secure_boot_rules[] __ro_after_init = {
166         {.action = APPRAISE, .func = MODULE_CHECK,
167          .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
168         {.action = APPRAISE, .func = FIRMWARE_CHECK,
169          .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
170         {.action = APPRAISE, .func = KEXEC_KERNEL_CHECK,
171          .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
172         {.action = APPRAISE, .func = POLICY_CHECK,
173          .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED},
174 };
175 
176 static LIST_HEAD(ima_default_rules);
177 static LIST_HEAD(ima_policy_rules);
178 static LIST_HEAD(ima_temp_rules);
179 static struct list_head *ima_rules;
180 
181 static int ima_policy __initdata;
182 
183 static int __init default_measure_policy_setup(char *str)
184 {
185         if (ima_policy)
186                 return 1;
187 
188         ima_policy = ORIGINAL_TCB;
189         return 1;
190 }
191 __setup("ima_tcb", default_measure_policy_setup);
192 
193 static bool ima_use_appraise_tcb __initdata;
194 static bool ima_use_secure_boot __initdata;
195 static bool ima_fail_unverifiable_sigs __ro_after_init;
196 static int __init policy_setup(char *str)
197 {
198         char *p;
199 
200         while ((p = strsep(&str, " |\n")) != NULL) {
201                 if (*p == ' ')
202                         continue;
203                 if ((strcmp(p, "tcb") == 0) && !ima_policy)
204                         ima_policy = DEFAULT_TCB;
205                 else if (strcmp(p, "appraise_tcb") == 0)
206                         ima_use_appraise_tcb = true;
207                 else if (strcmp(p, "secure_boot") == 0)
208                         ima_use_secure_boot = true;
209                 else if (strcmp(p, "fail_securely") == 0)
210                         ima_fail_unverifiable_sigs = true;
211         }
212 
213         return 1;
214 }
215 __setup("ima_policy=", policy_setup);
216 
217 static int __init default_appraise_policy_setup(char *str)
218 {
219         ima_use_appraise_tcb = true;
220         return 1;
221 }
222 __setup("ima_appraise_tcb", default_appraise_policy_setup);
223 
224 /*
225  * The LSM policy can be reloaded, leaving the IMA LSM based rules referring
226  * to the old, stale LSM policy.  Update the IMA LSM based rules to reflect
227  * the reloaded LSM policy.  We assume the rules still exist; and BUG_ON() if
228  * they don't.
229  */
230 static void ima_lsm_update_rules(void)
231 {
232         struct ima_rule_entry *entry;
233         int result;
234         int i;
235 
236         list_for_each_entry(entry, &ima_policy_rules, list) {
237                 for (i = 0; i < MAX_LSM_RULES; i++) {
238                         if (!entry->lsm[i].rule)
239                                 continue;
240                         result = security_filter_rule_init(entry->lsm[i].type,
241                                                            Audit_equal,
242                                                            entry->lsm[i].args_p,
243                                                            &entry->lsm[i].rule);
244                         BUG_ON(!entry->lsm[i].rule);
245                 }
246         }
247 }
248 
249 /**
250  * ima_match_rules - determine whether an inode matches the measure rule.
251  * @rule: a pointer to a rule
252  * @inode: a pointer to an inode
253  * @cred: a pointer to a credentials structure for user validation
254  * @secid: the secid of the task to be validated
255  * @func: LIM hook identifier
256  * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
257  *
258  * Returns true on rule match, false on failure.
259  */
260 static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
261                             const struct cred *cred, u32 secid,
262                             enum ima_hooks func, int mask)
263 {
264         int i;
265 
266         if ((rule->flags & IMA_FUNC) &&
267             (rule->func != func && func != POST_SETATTR))
268                 return false;
269         if ((rule->flags & IMA_MASK) &&
270             (rule->mask != mask && func != POST_SETATTR))
271                 return false;
272         if ((rule->flags & IMA_INMASK) &&
273             (!(rule->mask & mask) && func != POST_SETATTR))
274                 return false;
275         if ((rule->flags & IMA_FSMAGIC)
276             && rule->fsmagic != inode->i_sb->s_magic)
277                 return false;
278         if ((rule->flags & IMA_FSNAME)
279             && strcmp(rule->fsname, inode->i_sb->s_type->name))
280                 return false;
281         if ((rule->flags & IMA_FSUUID) &&
282             !uuid_equal(&rule->fsuuid, &inode->i_sb->s_uuid))
283                 return false;
284         if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
285                 return false;
286         if (rule->flags & IMA_EUID) {
287                 if (has_capability_noaudit(current, CAP_SETUID)) {
288                         if (!rule->uid_op(cred->euid, rule->uid)
289                             && !rule->uid_op(cred->suid, rule->uid)
290                             && !rule->uid_op(cred->uid, rule->uid))
291                                 return false;
292                 } else if (!rule->uid_op(cred->euid, rule->uid))
293                         return false;
294         }
295 
296         if ((rule->flags & IMA_FOWNER) &&
297             !rule->fowner_op(inode->i_uid, rule->fowner))
298                 return false;
299         for (i = 0; i < MAX_LSM_RULES; i++) {
300                 int rc = 0;
301                 u32 osid;
302                 int retried = 0;
303 
304                 if (!rule->lsm[i].rule)
305                         continue;
306 retry:
307                 switch (i) {
308                 case LSM_OBJ_USER:
309                 case LSM_OBJ_ROLE:
310                 case LSM_OBJ_TYPE:
311                         security_inode_getsecid(inode, &osid);
312                         rc = security_filter_rule_match(osid,
313                                                         rule->lsm[i].type,
314                                                         Audit_equal,
315                                                         rule->lsm[i].rule,
316                                                         NULL);
317                         break;
318                 case LSM_SUBJ_USER:
319                 case LSM_SUBJ_ROLE:
320                 case LSM_SUBJ_TYPE:
321                         rc = security_filter_rule_match(secid,
322                                                         rule->lsm[i].type,
323                                                         Audit_equal,
324                                                         rule->lsm[i].rule,
325                                                         NULL);
326                 default:
327                         break;
328                 }
329                 if ((rc < 0) && (!retried)) {
330                         retried = 1;
331                         ima_lsm_update_rules();
332                         goto retry;
333                 }
334                 if (!rc)
335                         return false;
336         }
337         return true;
338 }
339 
340 /*
341  * In addition to knowing that we need to appraise the file in general,
342  * we need to differentiate between calling hooks, for hook specific rules.
343  */
344 static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
345 {
346         if (!(rule->flags & IMA_FUNC))
347                 return IMA_FILE_APPRAISE;
348 
349         switch (func) {
350         case MMAP_CHECK:
351                 return IMA_MMAP_APPRAISE;
352         case BPRM_CHECK:
353                 return IMA_BPRM_APPRAISE;
354         case CREDS_CHECK:
355                 return IMA_CREDS_APPRAISE;
356         case FILE_CHECK:
357         case POST_SETATTR:
358                 return IMA_FILE_APPRAISE;
359         case MODULE_CHECK ... MAX_CHECK - 1:
360         default:
361                 return IMA_READ_APPRAISE;
362         }
363 }
364 
365 /**
366  * ima_match_policy - decision based on LSM and other conditions
367  * @inode: pointer to an inode for which the policy decision is being made
368  * @cred: pointer to a credentials structure for which the policy decision is
369  *        being made
370  * @secid: LSM secid of the task to be validated
371  * @func: IMA hook identifier
372  * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
373  * @pcr: set the pcr to extend
374  *
375  * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
376  * conditions.
377  *
378  * Since the IMA policy may be updated multiple times we need to lock the
379  * list when walking it.  Reads are many orders of magnitude more numerous
380  * than writes so ima_match_policy() is classical RCU candidate.
381  */
382 int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
383                      enum ima_hooks func, int mask, int flags, int *pcr)
384 {
385         struct ima_rule_entry *entry;
386         int action = 0, actmask = flags | (flags << 1);
387 
388         rcu_read_lock();
389         list_for_each_entry_rcu(entry, ima_rules, list) {
390 
391                 if (!(entry->action & actmask))
392                         continue;
393 
394                 if (!ima_match_rules(entry, inode, cred, secid, func, mask))
395                         continue;
396 
397                 action |= entry->flags & IMA_ACTION_FLAGS;
398 
399                 action |= entry->action & IMA_DO_MASK;
400                 if (entry->action & IMA_APPRAISE) {
401                         action |= get_subaction(entry, func);
402                         action &= ~IMA_HASH;
403                         if (ima_fail_unverifiable_sigs)
404                                 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
405                 }
406 
407                 if (entry->action & IMA_DO_MASK)
408                         actmask &= ~(entry->action | entry->action << 1);
409                 else
410                         actmask &= ~(entry->action | entry->action >> 1);
411 
412                 if ((pcr) && (entry->flags & IMA_PCR))
413                         *pcr = entry->pcr;
414 
415                 if (!actmask)
416                         break;
417         }
418         rcu_read_unlock();
419 
420         return action;
421 }
422 
423 /*
424  * Initialize the ima_policy_flag variable based on the currently
425  * loaded policy.  Based on this flag, the decision to short circuit
426  * out of a function or not call the function in the first place
427  * can be made earlier.
428  */
429 void ima_update_policy_flag(void)
430 {
431         struct ima_rule_entry *entry;
432 
433         list_for_each_entry(entry, ima_rules, list) {
434                 if (entry->action & IMA_DO_MASK)
435                         ima_policy_flag |= entry->action;
436         }
437 
438         ima_appraise |= temp_ima_appraise;
439         if (!ima_appraise)
440                 ima_policy_flag &= ~IMA_APPRAISE;
441 }
442 
443 static int ima_appraise_flag(enum ima_hooks func)
444 {
445         if (func == MODULE_CHECK)
446                 return IMA_APPRAISE_MODULES;
447         else if (func == FIRMWARE_CHECK)
448                 return IMA_APPRAISE_FIRMWARE;
449         else if (func == POLICY_CHECK)
450                 return IMA_APPRAISE_POLICY;
451         return 0;
452 }
453 
454 /**
455  * ima_init_policy - initialize the default measure rules.
456  *
457  * ima_rules points to either the ima_default_rules or the
458  * the new ima_policy_rules.
459  */
460 void __init ima_init_policy(void)
461 {
462         int i, measure_entries, appraise_entries, secure_boot_entries;
463 
464         /* if !ima_policy set entries = 0 so we load NO default rules */
465         measure_entries = ima_policy ? ARRAY_SIZE(dont_measure_rules) : 0;
466         appraise_entries = ima_use_appraise_tcb ?
467                          ARRAY_SIZE(default_appraise_rules) : 0;
468         secure_boot_entries = ima_use_secure_boot ?
469                         ARRAY_SIZE(secure_boot_rules) : 0;
470 
471         for (i = 0; i < measure_entries; i++)
472                 list_add_tail(&dont_measure_rules[i].list, &ima_default_rules);
473 
474         switch (ima_policy) {
475         case ORIGINAL_TCB:
476                 for (i = 0; i < ARRAY_SIZE(original_measurement_rules); i++)
477                         list_add_tail(&original_measurement_rules[i].list,
478                                       &ima_default_rules);
479                 break;
480         case DEFAULT_TCB:
481                 for (i = 0; i < ARRAY_SIZE(default_measurement_rules); i++)
482                         list_add_tail(&default_measurement_rules[i].list,
483                                       &ima_default_rules);
484         default:
485                 break;
486         }
487 
488         /*
489          * Insert the appraise rules requiring file signatures, prior to
490          * any other appraise rules.
491          */
492         for (i = 0; i < secure_boot_entries; i++) {
493                 list_add_tail(&secure_boot_rules[i].list, &ima_default_rules);
494                 temp_ima_appraise |=
495                     ima_appraise_flag(secure_boot_rules[i].func);
496         }
497 
498         for (i = 0; i < appraise_entries; i++) {
499                 list_add_tail(&default_appraise_rules[i].list,
500                               &ima_default_rules);
501                 if (default_appraise_rules[i].func == POLICY_CHECK)
502                         temp_ima_appraise |= IMA_APPRAISE_POLICY;
503         }
504 
505         ima_rules = &ima_default_rules;
506         ima_update_policy_flag();
507 }
508 
509 /* Make sure we have a valid policy, at least containing some rules. */
510 int ima_check_policy(void)
511 {
512         if (list_empty(&ima_temp_rules))
513                 return -EINVAL;
514         return 0;
515 }
516 
517 /**
518  * ima_update_policy - update default_rules with new measure rules
519  *
520  * Called on file .release to update the default rules with a complete new
521  * policy.  What we do here is to splice ima_policy_rules and ima_temp_rules so
522  * they make a queue.  The policy may be updated multiple times and this is the
523  * RCU updater.
524  *
525  * Policy rules are never deleted so ima_policy_flag gets zeroed only once when
526  * we switch from the default policy to user defined.
527  */
528 void ima_update_policy(void)
529 {
530         struct list_head *policy = &ima_policy_rules;
531 
532         list_splice_tail_init_rcu(&ima_temp_rules, policy, synchronize_rcu);
533 
534         if (ima_rules != policy) {
535                 ima_policy_flag = 0;
536                 ima_rules = policy;
537         }
538         ima_update_policy_flag();
539 }
540 
541 enum {
542         Opt_err = -1,
543         Opt_measure = 1, Opt_dont_measure,
544         Opt_appraise, Opt_dont_appraise,
545         Opt_audit, Opt_hash, Opt_dont_hash,
546         Opt_obj_user, Opt_obj_role, Opt_obj_type,
547         Opt_subj_user, Opt_subj_role, Opt_subj_type,
548         Opt_func, Opt_mask, Opt_fsmagic, Opt_fsname,
549         Opt_fsuuid, Opt_uid_eq, Opt_euid_eq, Opt_fowner_eq,
550         Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt,
551         Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt,
552         Opt_appraise_type, Opt_permit_directio,
553         Opt_pcr
554 };
555 
556 static match_table_t policy_tokens = {
557         {Opt_measure, "measure"},
558         {Opt_dont_measure, "dont_measure"},
559         {Opt_appraise, "appraise"},
560         {Opt_dont_appraise, "dont_appraise"},
561         {Opt_audit, "audit"},
562         {Opt_hash, "hash"},
563         {Opt_dont_hash, "dont_hash"},
564         {Opt_obj_user, "obj_user=%s"},
565         {Opt_obj_role, "obj_role=%s"},
566         {Opt_obj_type, "obj_type=%s"},
567         {Opt_subj_user, "subj_user=%s"},
568         {Opt_subj_role, "subj_role=%s"},
569         {Opt_subj_type, "subj_type=%s"},
570         {Opt_func, "func=%s"},
571         {Opt_mask, "mask=%s"},
572         {Opt_fsmagic, "fsmagic=%s"},
573         {Opt_fsname, "fsname=%s"},
574         {Opt_fsuuid, "fsuuid=%s"},
575         {Opt_uid_eq, "uid=%s"},
576         {Opt_euid_eq, "euid=%s"},
577         {Opt_fowner_eq, "fowner=%s"},
578         {Opt_uid_gt, "uid>%s"},
579         {Opt_euid_gt, "euid>%s"},
580         {Opt_fowner_gt, "fowner>%s"},
581         {Opt_uid_lt, "uid<%s"},
582         {Opt_euid_lt, "euid<%s"},
583         {Opt_fowner_lt, "fowner<%s"},
584         {Opt_appraise_type, "appraise_type=%s"},
585         {Opt_permit_directio, "permit_directio"},
586         {Opt_pcr, "pcr=%s"},
587         {Opt_err, NULL}
588 };
589 
590 static int ima_lsm_rule_init(struct ima_rule_entry *entry,
591                              substring_t *args, int lsm_rule, int audit_type)
592 {
593         int result;
594 
595         if (entry->lsm[lsm_rule].rule)
596                 return -EINVAL;
597 
598         entry->lsm[lsm_rule].args_p = match_strdup(args);
599         if (!entry->lsm[lsm_rule].args_p)
600                 return -ENOMEM;
601 
602         entry->lsm[lsm_rule].type = audit_type;
603         result = security_filter_rule_init(entry->lsm[lsm_rule].type,
604                                            Audit_equal,
605                                            entry->lsm[lsm_rule].args_p,
606                                            &entry->lsm[lsm_rule].rule);
607         if (!entry->lsm[lsm_rule].rule) {
608                 kfree(entry->lsm[lsm_rule].args_p);
609                 return -EINVAL;
610         }
611 
612         return result;
613 }
614 
615 static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value,
616                               bool (*rule_operator)(kuid_t, kuid_t))
617 {
618         if (rule_operator == &uid_gt)
619                 audit_log_format(ab, "%s>", key);
620         else if (rule_operator == &uid_lt)
621                 audit_log_format(ab, "%s<", key);
622         else
623                 audit_log_format(ab, "%s=", key);
624         audit_log_untrustedstring(ab, value);
625         audit_log_format(ab, " ");
626 }
627 static void ima_log_string(struct audit_buffer *ab, char *key, char *value)
628 {
629         ima_log_string_op(ab, key, value, NULL);
630 }
631 
632 static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
633 {
634         struct audit_buffer *ab;
635         char *from;
636         char *p;
637         bool uid_token;
638         int result = 0;
639 
640         ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
641 
642         entry->uid = INVALID_UID;
643         entry->fowner = INVALID_UID;
644         entry->uid_op = &uid_eq;
645         entry->fowner_op = &uid_eq;
646         entry->action = UNKNOWN;
647         while ((p = strsep(&rule, " \t")) != NULL) {
648                 substring_t args[MAX_OPT_ARGS];
649                 int token;
650                 unsigned long lnum;
651 
652                 if (result < 0)
653                         break;
654                 if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
655                         continue;
656                 token = match_token(p, policy_tokens, args);
657                 switch (token) {
658                 case Opt_measure:
659                         ima_log_string(ab, "action", "measure");
660 
661                         if (entry->action != UNKNOWN)
662                                 result = -EINVAL;
663 
664                         entry->action = MEASURE;
665                         break;
666                 case Opt_dont_measure:
667                         ima_log_string(ab, "action", "dont_measure");
668 
669                         if (entry->action != UNKNOWN)
670                                 result = -EINVAL;
671 
672                         entry->action = DONT_MEASURE;
673                         break;
674                 case Opt_appraise:
675                         ima_log_string(ab, "action", "appraise");
676 
677                         if (entry->action != UNKNOWN)
678                                 result = -EINVAL;
679 
680                         entry->action = APPRAISE;
681                         break;
682                 case Opt_dont_appraise:
683                         ima_log_string(ab, "action", "dont_appraise");
684 
685                         if (entry->action != UNKNOWN)
686                                 result = -EINVAL;
687 
688                         entry->action = DONT_APPRAISE;
689                         break;
690                 case Opt_audit:
691                         ima_log_string(ab, "action", "audit");
692 
693                         if (entry->action != UNKNOWN)
694                                 result = -EINVAL;
695 
696                         entry->action = AUDIT;
697                         break;
698                 case Opt_hash:
699                         ima_log_string(ab, "action", "hash");
700 
701                         if (entry->action != UNKNOWN)
702                                 result = -EINVAL;
703 
704                         entry->action = HASH;
705                         break;
706                 case Opt_dont_hash:
707                         ima_log_string(ab, "action", "dont_hash");
708 
709                         if (entry->action != UNKNOWN)
710                                 result = -EINVAL;
711 
712                         entry->action = DONT_HASH;
713                         break;
714                 case Opt_func:
715                         ima_log_string(ab, "func", args[0].from);
716 
717                         if (entry->func)
718                                 result = -EINVAL;
719 
720                         if (strcmp(args[0].from, "FILE_CHECK") == 0)
721                                 entry->func = FILE_CHECK;
722                         /* PATH_CHECK is for backwards compat */
723                         else if (strcmp(args[0].from, "PATH_CHECK") == 0)
724                                 entry->func = FILE_CHECK;
725                         else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
726                                 entry->func = MODULE_CHECK;
727                         else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0)
728                                 entry->func = FIRMWARE_CHECK;
729                         else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
730                                 || (strcmp(args[0].from, "MMAP_CHECK") == 0))
731                                 entry->func = MMAP_CHECK;
732                         else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
733                                 entry->func = BPRM_CHECK;
734                         else if (strcmp(args[0].from, "CREDS_CHECK") == 0)
735                                 entry->func = CREDS_CHECK;
736                         else if (strcmp(args[0].from, "KEXEC_KERNEL_CHECK") ==
737                                  0)
738                                 entry->func = KEXEC_KERNEL_CHECK;
739                         else if (strcmp(args[0].from, "KEXEC_INITRAMFS_CHECK")
740                                  == 0)
741                                 entry->func = KEXEC_INITRAMFS_CHECK;
742                         else if (strcmp(args[0].from, "POLICY_CHECK") == 0)
743                                 entry->func = POLICY_CHECK;
744                         else
745                                 result = -EINVAL;
746                         if (!result)
747                                 entry->flags |= IMA_FUNC;
748                         break;
749                 case Opt_mask:
750                         ima_log_string(ab, "mask", args[0].from);
751 
752                         if (entry->mask)
753                                 result = -EINVAL;
754 
755                         from = args[0].from;
756                         if (*from == '^')
757                                 from++;
758 
759                         if ((strcmp(from, "MAY_EXEC")) == 0)
760                                 entry->mask = MAY_EXEC;
761                         else if (strcmp(from, "MAY_WRITE") == 0)
762                                 entry->mask = MAY_WRITE;
763                         else if (strcmp(from, "MAY_READ") == 0)
764                                 entry->mask = MAY_READ;
765                         else if (strcmp(from, "MAY_APPEND") == 0)
766                                 entry->mask = MAY_APPEND;
767                         else
768                                 result = -EINVAL;
769                         if (!result)
770                                 entry->flags |= (*args[0].from == '^')
771                                      ? IMA_INMASK : IMA_MASK;
772                         break;
773                 case Opt_fsmagic:
774                         ima_log_string(ab, "fsmagic", args[0].from);
775 
776                         if (entry->fsmagic) {
777                                 result = -EINVAL;
778                                 break;
779                         }
780 
781                         result = kstrtoul(args[0].from, 16, &entry->fsmagic);
782                         if (!result)
783                                 entry->flags |= IMA_FSMAGIC;
784                         break;
785                 case Opt_fsname:
786                         ima_log_string(ab, "fsname", args[0].from);
787 
788                         entry->fsname = kstrdup(args[0].from, GFP_KERNEL);
789                         if (!entry->fsname) {
790                                 result = -ENOMEM;
791                                 break;
792                         }
793                         result = 0;
794                         entry->flags |= IMA_FSNAME;
795                         break;
796                 case Opt_fsuuid:
797                         ima_log_string(ab, "fsuuid", args[0].from);
798 
799                         if (!uuid_is_null(&entry->fsuuid)) {
800                                 result = -EINVAL;
801                                 break;
802                         }
803 
804                         result = uuid_parse(args[0].from, &entry->fsuuid);
805                         if (!result)
806                                 entry->flags |= IMA_FSUUID;
807                         break;
808                 case Opt_uid_gt:
809                 case Opt_euid_gt:
810                         entry->uid_op = &uid_gt;
811                 case Opt_uid_lt:
812                 case Opt_euid_lt:
813                         if ((token == Opt_uid_lt) || (token == Opt_euid_lt))
814                                 entry->uid_op = &uid_lt;
815                 case Opt_uid_eq:
816                 case Opt_euid_eq:
817                         uid_token = (token == Opt_uid_eq) ||
818                                     (token == Opt_uid_gt) ||
819                                     (token == Opt_uid_lt);
820 
821                         ima_log_string_op(ab, uid_token ? "uid" : "euid",
822                                           args[0].from, entry->uid_op);
823 
824                         if (uid_valid(entry->uid)) {
825                                 result = -EINVAL;
826                                 break;
827                         }
828 
829                         result = kstrtoul(args[0].from, 10, &lnum);
830                         if (!result) {
831                                 entry->uid = make_kuid(current_user_ns(),
832                                                        (uid_t) lnum);
833                                 if (!uid_valid(entry->uid) ||
834                                     (uid_t)lnum != lnum)
835                                         result = -EINVAL;
836                                 else
837                                         entry->flags |= uid_token
838                                             ? IMA_UID : IMA_EUID;
839                         }
840                         break;
841                 case Opt_fowner_gt:
842                         entry->fowner_op = &uid_gt;
843                 case Opt_fowner_lt:
844                         if (token == Opt_fowner_lt)
845                                 entry->fowner_op = &uid_lt;
846                 case Opt_fowner_eq:
847                         ima_log_string_op(ab, "fowner", args[0].from,
848                                           entry->fowner_op);
849 
850                         if (uid_valid(entry->fowner)) {
851                                 result = -EINVAL;
852                                 break;
853                         }
854 
855                         result = kstrtoul(args[0].from, 10, &lnum);
856                         if (!result) {
857                                 entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum);
858                                 if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum))
859                                         result = -EINVAL;
860                                 else
861                                         entry->flags |= IMA_FOWNER;
862                         }
863                         break;
864                 case Opt_obj_user:
865                         ima_log_string(ab, "obj_user", args[0].from);
866                         result = ima_lsm_rule_init(entry, args,
867                                                    LSM_OBJ_USER,
868                                                    AUDIT_OBJ_USER);
869                         break;
870                 case Opt_obj_role:
871                         ima_log_string(ab, "obj_role", args[0].from);
872                         result = ima_lsm_rule_init(entry, args,
873                                                    LSM_OBJ_ROLE,
874                                                    AUDIT_OBJ_ROLE);
875                         break;
876                 case Opt_obj_type:
877                         ima_log_string(ab, "obj_type", args[0].from);
878                         result = ima_lsm_rule_init(entry, args,
879                                                    LSM_OBJ_TYPE,
880                                                    AUDIT_OBJ_TYPE);
881                         break;
882                 case Opt_subj_user:
883                         ima_log_string(ab, "subj_user", args[0].from);
884                         result = ima_lsm_rule_init(entry, args,
885                                                    LSM_SUBJ_USER,
886                                                    AUDIT_SUBJ_USER);
887                         break;
888                 case Opt_subj_role:
889                         ima_log_string(ab, "subj_role", args[0].from);
890                         result = ima_lsm_rule_init(entry, args,
891                                                    LSM_SUBJ_ROLE,
892                                                    AUDIT_SUBJ_ROLE);
893                         break;
894                 case Opt_subj_type:
895                         ima_log_string(ab, "subj_type", args[0].from);
896                         result = ima_lsm_rule_init(entry, args,
897                                                    LSM_SUBJ_TYPE,
898                                                    AUDIT_SUBJ_TYPE);
899                         break;
900                 case Opt_appraise_type:
901                         if (entry->action != APPRAISE) {
902                                 result = -EINVAL;
903                                 break;
904                         }
905 
906                         ima_log_string(ab, "appraise_type", args[0].from);
907                         if ((strcmp(args[0].from, "imasig")) == 0)
908                                 entry->flags |= IMA_DIGSIG_REQUIRED;
909                         else
910                                 result = -EINVAL;
911                         break;
912                 case Opt_permit_directio:
913                         entry->flags |= IMA_PERMIT_DIRECTIO;
914                         break;
915                 case Opt_pcr:
916                         if (entry->action != MEASURE) {
917                                 result = -EINVAL;
918                                 break;
919                         }
920                         ima_log_string(ab, "pcr", args[0].from);
921 
922                         result = kstrtoint(args[0].from, 10, &entry->pcr);
923                         if (result || INVALID_PCR(entry->pcr))
924                                 result = -EINVAL;
925                         else
926                                 entry->flags |= IMA_PCR;
927 
928                         break;
929                 case Opt_err:
930                         ima_log_string(ab, "UNKNOWN", p);
931                         result = -EINVAL;
932                         break;
933                 }
934         }
935         if (!result && (entry->action == UNKNOWN))
936                 result = -EINVAL;
937         else if (entry->action == APPRAISE)
938                 temp_ima_appraise |= ima_appraise_flag(entry->func);
939 
940         audit_log_format(ab, "res=%d", !result);
941         audit_log_end(ab);
942         return result;
943 }
944 
945 /**
946  * ima_parse_add_rule - add a rule to ima_policy_rules
947  * @rule - ima measurement policy rule
948  *
949  * Avoid locking by allowing just one writer at a time in ima_write_policy()
950  * Returns the length of the rule parsed, an error code on failure
951  */
952 ssize_t ima_parse_add_rule(char *rule)
953 {
954         static const char op[] = "update_policy";
955         char *p;
956         struct ima_rule_entry *entry;
957         ssize_t result, len;
958         int audit_info = 0;
959 
960         p = strsep(&rule, "\n");
961         len = strlen(p) + 1;
962         p += strspn(p, " \t");
963 
964         if (*p == '#' || *p == '\0')
965                 return len;
966 
967         entry = kzalloc(sizeof(*entry), GFP_KERNEL);
968         if (!entry) {
969                 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
970                                     NULL, op, "-ENOMEM", -ENOMEM, audit_info);
971                 return -ENOMEM;
972         }
973 
974         INIT_LIST_HEAD(&entry->list);
975 
976         result = ima_parse_rule(p, entry);
977         if (result) {
978                 kfree(entry);
979                 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
980                                     NULL, op, "invalid-policy", result,
981                                     audit_info);
982                 return result;
983         }
984 
985         list_add_tail(&entry->list, &ima_temp_rules);
986 
987         return len;
988 }
989 
990 /**
991  * ima_delete_rules() called to cleanup invalid in-flight policy.
992  * We don't need locking as we operate on the temp list, which is
993  * different from the active one.  There is also only one user of
994  * ima_delete_rules() at a time.
995  */
996 void ima_delete_rules(void)
997 {
998         struct ima_rule_entry *entry, *tmp;
999         int i;
1000 
1001         temp_ima_appraise = 0;
1002         list_for_each_entry_safe(entry, tmp, &ima_temp_rules, list) {
1003                 for (i = 0; i < MAX_LSM_RULES; i++)
1004                         kfree(entry->lsm[i].args_p);
1005 
1006                 list_del(&entry->list);
1007                 kfree(entry);
1008         }
1009 }
1010 
1011 #ifdef  CONFIG_IMA_READ_POLICY
1012 enum {
1013         mask_exec = 0, mask_write, mask_read, mask_append
1014 };
1015 
1016 static const char *const mask_tokens[] = {
1017         "MAY_EXEC",
1018         "MAY_WRITE",
1019         "MAY_READ",
1020         "MAY_APPEND"
1021 };
1022 
1023 #define __ima_hook_stringify(str)       (#str),
1024 
1025 static const char *const func_tokens[] = {
1026         __ima_hooks(__ima_hook_stringify)
1027 };
1028 
1029 void *ima_policy_start(struct seq_file *m, loff_t *pos)
1030 {
1031         loff_t l = *pos;
1032         struct ima_rule_entry *entry;
1033 
1034         rcu_read_lock();
1035         list_for_each_entry_rcu(entry, ima_rules, list) {
1036                 if (!l--) {
1037                         rcu_read_unlock();
1038                         return entry;
1039                 }
1040         }
1041         rcu_read_unlock();
1042         return NULL;
1043 }
1044 
1045 void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos)
1046 {
1047         struct ima_rule_entry *entry = v;
1048 
1049         rcu_read_lock();
1050         entry = list_entry_rcu(entry->list.next, struct ima_rule_entry, list);
1051         rcu_read_unlock();
1052         (*pos)++;
1053 
1054         return (&entry->list == ima_rules) ? NULL : entry;
1055 }
1056 
1057 void ima_policy_stop(struct seq_file *m, void *v)
1058 {
1059 }
1060 
1061 #define pt(token)       policy_tokens[token + Opt_err].pattern
1062 #define mt(token)       mask_tokens[token]
1063 
1064 /*
1065  * policy_func_show - display the ima_hooks policy rule
1066  */
1067 static void policy_func_show(struct seq_file *m, enum ima_hooks func)
1068 {
1069         if (func > 0 && func < MAX_CHECK)
1070                 seq_printf(m, "func=%s ", func_tokens[func]);
1071         else
1072                 seq_printf(m, "func=%d ", func);
1073 }
1074 
1075 int ima_policy_show(struct seq_file *m, void *v)
1076 {
1077         struct ima_rule_entry *entry = v;
1078         int i;
1079         char tbuf[64] = {0,};
1080 
1081         rcu_read_lock();
1082 
1083         if (entry->action & MEASURE)
1084                 seq_puts(m, pt(Opt_measure));
1085         if (entry->action & DONT_MEASURE)
1086                 seq_puts(m, pt(Opt_dont_measure));
1087         if (entry->action & APPRAISE)
1088                 seq_puts(m, pt(Opt_appraise));
1089         if (entry->action & DONT_APPRAISE)
1090                 seq_puts(m, pt(Opt_dont_appraise));
1091         if (entry->action & AUDIT)
1092                 seq_puts(m, pt(Opt_audit));
1093         if (entry->action & HASH)
1094                 seq_puts(m, pt(Opt_hash));
1095         if (entry->action & DONT_HASH)
1096                 seq_puts(m, pt(Opt_dont_hash));
1097 
1098         seq_puts(m, " ");
1099 
1100         if (entry->flags & IMA_FUNC)
1101                 policy_func_show(m, entry->func);
1102 
1103         if (entry->flags & IMA_MASK) {
1104                 if (entry->mask & MAY_EXEC)
1105                         seq_printf(m, pt(Opt_mask), mt(mask_exec));
1106                 if (entry->mask & MAY_WRITE)
1107                         seq_printf(m, pt(Opt_mask), mt(mask_write));
1108                 if (entry->mask & MAY_READ)
1109                         seq_printf(m, pt(Opt_mask), mt(mask_read));
1110                 if (entry->mask & MAY_APPEND)
1111                         seq_printf(m, pt(Opt_mask), mt(mask_append));
1112                 seq_puts(m, " ");
1113         }
1114 
1115         if (entry->flags & IMA_FSMAGIC) {
1116                 snprintf(tbuf, sizeof(tbuf), "0x%lx", entry->fsmagic);
1117                 seq_printf(m, pt(Opt_fsmagic), tbuf);
1118                 seq_puts(m, " ");
1119         }
1120 
1121         if (entry->flags & IMA_FSNAME) {
1122                 snprintf(tbuf, sizeof(tbuf), "%s", entry->fsname);
1123                 seq_printf(m, pt(Opt_fsname), tbuf);
1124                 seq_puts(m, " ");
1125         }
1126 
1127         if (entry->flags & IMA_PCR) {
1128                 snprintf(tbuf, sizeof(tbuf), "%d", entry->pcr);
1129                 seq_printf(m, pt(Opt_pcr), tbuf);
1130                 seq_puts(m, " ");
1131         }
1132 
1133         if (entry->flags & IMA_FSUUID) {
1134                 seq_printf(m, "fsuuid=%pU", &entry->fsuuid);
1135                 seq_puts(m, " ");
1136         }
1137 
1138         if (entry->flags & IMA_UID) {
1139                 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1140                 if (entry->uid_op == &uid_gt)
1141                         seq_printf(m, pt(Opt_uid_gt), tbuf);
1142                 else if (entry->uid_op == &uid_lt)
1143                         seq_printf(m, pt(Opt_uid_lt), tbuf);
1144                 else
1145                         seq_printf(m, pt(Opt_uid_eq), tbuf);
1146                 seq_puts(m, " ");
1147         }
1148 
1149         if (entry->flags & IMA_EUID) {
1150                 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid));
1151                 if (entry->uid_op == &uid_gt)
1152                         seq_printf(m, pt(Opt_euid_gt), tbuf);
1153                 else if (entry->uid_op == &uid_lt)
1154                         seq_printf(m, pt(Opt_euid_lt), tbuf);
1155                 else
1156                         seq_printf(m, pt(Opt_euid_eq), tbuf);
1157                 seq_puts(m, " ");
1158         }
1159 
1160         if (entry->flags & IMA_FOWNER) {
1161                 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner));
1162                 if (entry->fowner_op == &uid_gt)
1163                         seq_printf(m, pt(Opt_fowner_gt), tbuf);
1164                 else if (entry->fowner_op == &uid_lt)
1165                         seq_printf(m, pt(Opt_fowner_lt), tbuf);
1166                 else
1167                         seq_printf(m, pt(Opt_fowner_eq), tbuf);
1168                 seq_puts(m, " ");
1169         }
1170 
1171         for (i = 0; i < MAX_LSM_RULES; i++) {
1172                 if (entry->lsm[i].rule) {
1173                         switch (i) {
1174                         case LSM_OBJ_USER:
1175                                 seq_printf(m, pt(Opt_obj_user),
1176                                            (char *)entry->lsm[i].args_p);
1177                                 break;
1178                         case LSM_OBJ_ROLE:
1179                                 seq_printf(m, pt(Opt_obj_role),
1180                                            (char *)entry->lsm[i].args_p);
1181                                 break;
1182                         case LSM_OBJ_TYPE:
1183                                 seq_printf(m, pt(Opt_obj_type),
1184                                            (char *)entry->lsm[i].args_p);
1185                                 break;
1186                         case LSM_SUBJ_USER:
1187                                 seq_printf(m, pt(Opt_subj_user),
1188                                            (char *)entry->lsm[i].args_p);
1189                                 break;
1190                         case LSM_SUBJ_ROLE:
1191                                 seq_printf(m, pt(Opt_subj_role),
1192                                            (char *)entry->lsm[i].args_p);
1193                                 break;
1194                         case LSM_SUBJ_TYPE:
1195                                 seq_printf(m, pt(Opt_subj_type),
1196                                            (char *)entry->lsm[i].args_p);
1197                                 break;
1198                         }
1199                 }
1200         }
1201         if (entry->flags & IMA_DIGSIG_REQUIRED)
1202                 seq_puts(m, "appraise_type=imasig ");
1203         if (entry->flags & IMA_PERMIT_DIRECTIO)
1204                 seq_puts(m, "permit_directio ");
1205         rcu_read_unlock();
1206         seq_puts(m, "\n");
1207         return 0;
1208 }
1209 #endif  /* CONFIG_IMA_READ_POLICY */
1210 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp