From ec29ea544b1ce204ba3575ba05fccf3069d00c3f Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:47:44 -0500 Subject: ima: valid return code from ima_inode_alloc ima_inode_alloc returns 0 and 1, but the LSM hooks expects an errno. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima_iint.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index a4e2b1dac943..4a53f396d422 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -87,8 +87,6 @@ out: /** * ima_inode_alloc - allocate an iint associated with an inode * @inode: pointer to the inode - * - * Return 0 on success, 1 on failure. */ int ima_inode_alloc(struct inode *inode) { @@ -99,7 +97,7 @@ int ima_inode_alloc(struct inode *inode) iint = ima_iint_insert(inode); if (!iint) - return 1; + return -ENOMEM; return 0; } -- cgit v1.2.1 From 9353384ec8128cb443463016bbabb44ca857ff52 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:47:52 -0500 Subject: ima: only insert at inode creation time iints are supposed to be allocated when an inode is allocated (during security_inode_alloc()) But we have code which will attempt to allocate an iint during measurement calls. If we couldn't allocate the iint and we cared, we should have died during security_inode_alloc(). Not make the code more complex and less efficient. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 71 ++++++--------------------------------- security/integrity/ima/ima_main.c | 8 ++--- 3 files changed, 14 insertions(+), 66 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 165eb5397ea5..349aabc83297 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -128,7 +128,6 @@ void ima_template_show(struct seq_file *m, void *e, */ struct ima_iint_cache *ima_iint_insert(struct inode *inode); struct ima_iint_cache *ima_iint_find_get(struct inode *inode); -struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode); void ima_iint_delete(struct inode *inode); void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 4a53f396d422..2f6ab5258b1e 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -45,22 +45,21 @@ out: return iint; } -/* Allocate memory for the iint associated with the inode - * from the iint_cache slab, initialize the iint, and - * insert it into the radix tree. - * - * On success return a pointer to the iint; on failure return NULL. +/** + * ima_inode_alloc - allocate an iint associated with an inode + * @inode: pointer to the inode */ -struct ima_iint_cache *ima_iint_insert(struct inode *inode) +int ima_inode_alloc(struct inode *inode) { struct ima_iint_cache *iint = NULL; int rc = 0; if (!ima_initialized) - return iint; + return 0; + iint = kmem_cache_alloc(iint_cache, GFP_NOFS); if (!iint) - return iint; + return -ENOMEM; rc = radix_tree_preload(GFP_NOFS); if (rc < 0) @@ -70,63 +69,13 @@ struct ima_iint_cache *ima_iint_insert(struct inode *inode) rc = radix_tree_insert(&ima_iint_store, (unsigned long)inode, iint); spin_unlock(&ima_iint_lock); out: - if (rc < 0) { + if (rc < 0) kmem_cache_free(iint_cache, iint); - if (rc == -EEXIST) { - spin_lock(&ima_iint_lock); - iint = radix_tree_lookup(&ima_iint_store, - (unsigned long)inode); - spin_unlock(&ima_iint_lock); - } else - iint = NULL; - } - radix_tree_preload_end(); - return iint; -} - -/** - * ima_inode_alloc - allocate an iint associated with an inode - * @inode: pointer to the inode - */ -int ima_inode_alloc(struct inode *inode) -{ - struct ima_iint_cache *iint; - - if (!ima_initialized) - return 0; - - iint = ima_iint_insert(inode); - if (!iint) - return -ENOMEM; - return 0; -} - -/* ima_iint_find_insert_get - get the iint associated with an inode - * - * Most insertions are done at inode_alloc, except those allocated - * before late_initcall. When the iint does not exist, allocate it, - * initialize and insert it, and increment the iint refcount. - * - * (Can't initialize at security_initcall before any inodes are - * allocated, got to wait at least until proc_init.) - * - * Return the iint. - */ -struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode) -{ - struct ima_iint_cache *iint = NULL; - iint = ima_iint_find_get(inode); - if (iint) - return iint; - - iint = ima_iint_insert(inode); - if (iint) - kref_get(&iint->refcount); + radix_tree_preload_end(); - return iint; + return rc; } -EXPORT_SYMBOL_GPL(ima_iint_find_insert_get); /* iint_free - called when the iint refcount goes to zero */ void iint_free(struct kref *kref) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b85e61bcf246..96fafc01e2c7 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -161,7 +161,7 @@ int ima_path_check(struct path *path, int mask, int update_counts) if (!ima_initialized || !S_ISREG(inode->i_mode)) return 0; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return 0; @@ -219,7 +219,7 @@ static int process_measurement(struct file *file, const unsigned char *filename, if (!ima_initialized || !S_ISREG(inode->i_mode)) return 0; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return -ENOMEM; @@ -255,7 +255,7 @@ void ima_counts_put(struct path *path, int mask) */ if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) return; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return; @@ -286,7 +286,7 @@ void ima_counts_get(struct file *file) if (!ima_initialized || !S_ISREG(inode->i_mode)) return; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return; mutex_lock(&iint->mutex); -- cgit v1.2.1 From e0d5bd2aec4e69e720ee86958503923cafb45be5 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:48:00 -0500 Subject: IMA: clean up the IMA counts updating code We currently have a lot of duplicated code around ima file counts. Clean that all up. Signed-off-by: Eric Paris Acked-by: Serge Hallyn Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_main.c | 118 ++++++++++++++++++++++---------------- 2 files changed, 70 insertions(+), 49 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 349aabc83297..268ef57b9142 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -97,7 +97,6 @@ static inline unsigned long ima_hash_key(u8 *digest) /* iint cache flags */ #define IMA_MEASURED 1 -#define IMA_IINT_DUMP_STACK 512 /* integrity data associated with an inode */ struct ima_iint_cache { diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 96fafc01e2c7..e041233b4d2a 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -13,8 +13,8 @@ * License. * * File: ima_main.c - * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_path_check. + * implements the IMA hooks: ima_bprm_check, ima_file_mmap, + * and ima_path_check. */ #include #include @@ -35,6 +35,69 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +/* + * Update the counts given an fmode_t + */ +static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) +{ + BUG_ON(!mutex_is_locked(&iint->mutex)); + + iint->opencount++; + if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) + iint->readcount++; + if (mode & FMODE_WRITE) + iint->writecount++; +} + +/* + * Update the counts given open flags instead of fmode + */ +static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags) +{ + ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE)); +} + +/* + * Decrement ima counts + */ +static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, + fmode_t mode) +{ + BUG_ON(!mutex_is_locked(&iint->mutex)); + + iint->opencount--; + if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) + iint->readcount--; + if (mode & FMODE_WRITE) { + iint->writecount--; + if (iint->writecount == 0) { + if (iint->version != inode->i_version) + iint->flags &= ~IMA_MEASURED; + } + } + + if ((iint->opencount < 0) || + (iint->readcount < 0) || + (iint->writecount < 0)) { + static int dumped; + + if (dumped) + return; + dumped = 1; + + printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n", + __FUNCTION__, iint->readcount, iint->writecount, + iint->opencount); + dump_stack(); + } +} + +static void ima_dec_counts_flags(struct ima_iint_cache *iint, + struct inode *inode, int flags) +{ + ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE)); +} + /** * ima_file_free - called on __fput() * @file: pointer to file structure being freed @@ -54,29 +117,7 @@ void ima_file_free(struct file *file) return; mutex_lock(&iint->mutex); - if (iint->opencount <= 0) { - printk(KERN_INFO - "%s: %s open/free imbalance (r:%ld w:%ld o:%ld f:%ld)\n", - __FUNCTION__, file->f_dentry->d_name.name, - iint->readcount, iint->writecount, - iint->opencount, atomic_long_read(&file->f_count)); - if (!(iint->flags & IMA_IINT_DUMP_STACK)) { - dump_stack(); - iint->flags |= IMA_IINT_DUMP_STACK; - } - } - iint->opencount--; - - if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - iint->readcount--; - - if (file->f_mode & FMODE_WRITE) { - iint->writecount--; - if (iint->writecount == 0) { - if (iint->version != inode->i_version) - iint->flags &= ~IMA_MEASURED; - } - } + ima_dec_counts(iint, inode, file->f_mode); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); } @@ -116,8 +157,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, { int rc = 0; - iint->opencount++; - iint->readcount++; + ima_inc_counts(iint, file->f_mode); rc = ima_collect_measurement(iint, file); if (!rc) @@ -125,15 +165,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, return rc; } -static void ima_update_counts(struct ima_iint_cache *iint, int mask) -{ - iint->opencount++; - if ((mask & MAY_WRITE) || (mask == 0)) - iint->writecount++; - else if (mask & (MAY_READ | MAY_EXEC)) - iint->readcount++; -} - /** * ima_path_check - based on policy, collect/store measurement. * @path: contains a pointer to the path to be measured @@ -167,7 +198,7 @@ int ima_path_check(struct path *path, int mask, int update_counts) mutex_lock(&iint->mutex); if (update_counts) - ima_update_counts(iint, mask); + ima_inc_counts_flags(iint, mask); rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); if (rc < 0) @@ -260,11 +291,7 @@ void ima_counts_put(struct path *path, int mask) return; mutex_lock(&iint->mutex); - iint->opencount--; - if ((mask & MAY_WRITE) || (mask == 0)) - iint->writecount--; - else if (mask & (MAY_READ | MAY_EXEC)) - iint->readcount--; + ima_dec_counts_flags(iint, inode, mask); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); @@ -290,12 +317,7 @@ void ima_counts_get(struct file *file) if (!iint) return; mutex_lock(&iint->mutex); - iint->opencount++; - if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - iint->readcount++; - - if (file->f_mode & FMODE_WRITE) - iint->writecount++; + ima_inc_counts(iint, file->f_mode); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); -- cgit v1.2.1 From 85a17f552dfe77efb44b971615e4f221a5f28f37 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:48:08 -0500 Subject: ima: call ima_inode_free ima_inode_free ima_inode_free() has some funky #define just to confuse the crap out of me. void ima_iint_delete(struct inode *inode) and then things actually call ima_inode_free() and nothing calls ima_iint_delete(). Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 6 ++---- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 268ef57b9142..c41afe6639a0 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -127,7 +127,6 @@ void ima_template_show(struct seq_file *m, void *e, */ struct ima_iint_cache *ima_iint_insert(struct inode *inode); struct ima_iint_cache *ima_iint_find_get(struct inode *inode); -void ima_iint_delete(struct inode *inode); void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 2f6ab5258b1e..fa592ff1ac1c 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -19,8 +19,6 @@ #include #include "ima.h" -#define ima_iint_delete ima_inode_free - RADIX_TREE(ima_iint_store, GFP_ATOMIC); DEFINE_SPINLOCK(ima_iint_lock); @@ -111,12 +109,12 @@ void iint_rcu_free(struct rcu_head *rcu_head) } /** - * ima_iint_delete - called on integrity_inode_free + * ima_inode_free - called on security_inode_free * @inode: pointer to the inode * * Free the integrity information(iint) associated with an inode. */ -void ima_iint_delete(struct inode *inode) +void ima_inode_free(struct inode *inode) { struct ima_iint_cache *iint; -- cgit v1.2.1 From 1429b3eca23818f87f9fa569a15d9816de81f698 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 16 Dec 2009 06:38:01 -0500 Subject: Untangling ima mess, part 3: kill dead code in ima Kill the 'update' argument of ima_path_check(), kill dead code in ima. Current rules: ima counters are bumped at the same time when the file switches from put_filp() fodder to fput() one. Which happens exactly in two places - alloc_file() and __dentry_open(). Nothing else needs to do that at all. Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 52 +++------------------------------------ 1 file changed, 4 insertions(+), 48 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e041233b4d2a..16dc57d247d0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -49,20 +49,13 @@ static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) iint->writecount++; } -/* - * Update the counts given open flags instead of fmode - */ -static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags) -{ - ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE)); -} - /* * Decrement ima counts */ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, - fmode_t mode) + struct file *file) { + mode_t mode = file->f_mode; BUG_ON(!mutex_is_locked(&iint->mutex)); iint->opencount--; @@ -92,12 +85,6 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, } } -static void ima_dec_counts_flags(struct ima_iint_cache *iint, - struct inode *inode, int flags) -{ - ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE)); -} - /** * ima_file_free - called on __fput() * @file: pointer to file structure being freed @@ -117,7 +104,7 @@ void ima_file_free(struct file *file) return; mutex_lock(&iint->mutex); - ima_dec_counts(iint, inode, file->f_mode); + ima_dec_counts(iint, inode, file); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); } @@ -183,7 +170,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, * Always return 0 and audit dentry_open failures. * (Return code will be based upon measurement appraisal.) */ -int ima_path_check(struct path *path, int mask, int update_counts) +int ima_path_check(struct path *path, int mask) { struct inode *inode = path->dentry->d_inode; struct ima_iint_cache *iint; @@ -197,8 +184,6 @@ int ima_path_check(struct path *path, int mask, int update_counts) return 0; mutex_lock(&iint->mutex); - if (update_counts) - ima_inc_counts_flags(iint, mask); rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); if (rc < 0) @@ -268,35 +253,6 @@ out: return rc; } -/* - * ima_counts_put - decrement file counts - * - * File counts are incremented in ima_path_check. On file open - * error, such as ETXTBSY, decrement the counts to prevent - * unnecessary imbalance messages. - */ -void ima_counts_put(struct path *path, int mask) -{ - struct inode *inode = path->dentry->d_inode; - struct ima_iint_cache *iint; - - /* The inode may already have been freed, freeing the iint - * with it. Verify the inode is not NULL before dereferencing - * it. - */ - if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) - return; - iint = ima_iint_find_get(inode); - if (!iint) - return; - - mutex_lock(&iint->mutex); - ima_dec_counts_flags(iint, inode, mask); - mutex_unlock(&iint->mutex); - - kref_put(&iint->refcount, iint_free); -} - /* * ima_counts_get - increment file counts * -- cgit v1.2.1 From d1625436b4fe526fa463bc0519ba37d7e4b37bbc Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 4 Dec 2009 15:48:40 -0500 Subject: ima: limit imbalance msg Limit the number of imbalance messages to once per filesystem type instead of once per system boot. (it's actually slightly racy and could give you a couple per fs, but this isn't a real issue) Signed-off-by: Mimi Zohar Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 62 +++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 9 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 16dc57d247d0..a89f44d5e030 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -35,6 +35,55 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +struct ima_imbalance { + struct hlist_node node; + unsigned long fsmagic; +}; + +/* + * ima_limit_imbalance - emit one imbalance message per filesystem type + * + * Maintain list of filesystem types that do not measure files properly. + * Return false if unknown, true if known. + */ +static bool ima_limit_imbalance(struct file *file) +{ + static DEFINE_SPINLOCK(ima_imbalance_lock); + static HLIST_HEAD(ima_imbalance_list); + + struct super_block *sb = file->f_dentry->d_sb; + struct ima_imbalance *entry; + struct hlist_node *node; + bool found = false; + + rcu_read_lock(); + hlist_for_each_entry_rcu(entry, node, &ima_imbalance_list, node) { + if (entry->fsmagic == sb->s_magic) { + found = true; + break; + } + } + rcu_read_unlock(); + if (found) + goto out; + + entry = kmalloc(sizeof(*entry), GFP_NOFS); + if (!entry) + goto out; + entry->fsmagic = sb->s_magic; + spin_lock(&ima_imbalance_lock); + /* + * we could have raced and something else might have added this fs + * to the list, but we don't really care + */ + hlist_add_head_rcu(&entry->node, &ima_imbalance_list); + spin_unlock(&ima_imbalance_lock); + printk(KERN_INFO "IMA: unmeasured files on fsmagic: %lX\n", + entry->fsmagic); +out: + return found; +} + /* * Update the counts given an fmode_t */ @@ -69,15 +118,10 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, } } - if ((iint->opencount < 0) || - (iint->readcount < 0) || - (iint->writecount < 0)) { - static int dumped; - - if (dumped) - return; - dumped = 1; - + if (((iint->opencount < 0) || + (iint->readcount < 0) || + (iint->writecount < 0)) && + !ima_limit_imbalance(file)) { printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n", __FUNCTION__, iint->readcount, iint->writecount, iint->opencount); -- cgit v1.2.1 From fa1cc7b5a5c4171dfdcac855428295340ccf87ec Mon Sep 17 00:00:00 2001 From: Roel Kluin Date: Tue, 15 Dec 2009 15:05:12 -0800 Subject: keys: PTR_ERR return of wrong pointer in keyctl_get_security() Return the PTR_ERR of the correct pointer. Signed-off-by: Roel Kluin Signed-off-by: Andrew Morton Acked-by: David Howells Signed-off-by: James Morris --- security/keys/keyctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 06ec722897be..5f830bc6f287 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid, * have the authorisation token handy */ instkey = key_get_instantiation_authkey(keyid); if (IS_ERR(instkey)) - return PTR_ERR(key_ref); + return PTR_ERR(instkey); key_put(instkey); key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); -- cgit v1.2.1 From dd880fbe8e4792d1185a5101dc751f49eab0a509 Mon Sep 17 00:00:00 2001 From: H Hartley Sweeten Date: Tue, 15 Dec 2009 15:05:12 -0800 Subject: security/min_addr.c: make init_mmap_min_addr() static init_mmap_min_addr() is a pure_initcall and should be static. Signed-off-by: H Hartley Sweeten Signed-off-by: Andrew Morton Signed-off-by: James Morris --- security/min_addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/min_addr.c b/security/min_addr.c index fc43c9d37084..e86f297522bf 100644 --- a/security/min_addr.c +++ b/security/min_addr.c @@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write, return ret; } -int __init init_mmap_min_addr(void) +static int __init init_mmap_min_addr(void) { update_mmap_min_addr(); -- cgit v1.2.1 From 6e1415467614e854fee660ff6648bd10fa976e95 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Dec 2009 19:27:45 +0000 Subject: NOMMU: Optimise away the {dac_,}mmap_min_addr tests In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be skipped by the compiler. We do this as the minimum mmap address doesn't make any sense in NOMMU mode. mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode. Signed-off-by: David Howells Acked-by: Eric Paris Signed-off-by: James Morris --- security/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/Makefile b/security/Makefile index bb44e350c618..da20a193c8dd 100644 --- a/security/Makefile +++ b/security/Makefile @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo # always enable default capabilities -obj-y += commoncap.o min_addr.o +obj-y += commoncap.o +obj-$(CONFIG_MMU) += min_addr.o # Object file lists obj-$(CONFIG_SECURITY) += security.o capability.o -- cgit v1.2.1 From a00ae4d21b2fa9379914f270ffffd8d3bec55430 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Sun, 13 Dec 2009 20:21:34 +0100 Subject: Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support As of commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f ("KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]"), CONFIG_KEYS=y fails to build on architectures that haven't implemented TIF_NOTIFY_RESUME yet: security/keys/keyctl.c: In function 'keyctl_session_to_parent': security/keys/keyctl.c:1312: error: 'TIF_NOTIFY_RESUME' undeclared (first use in this function) security/keys/keyctl.c:1312: error: (Each undeclared identifier is reported only once security/keys/keyctl.c:1312: error: for each function it appears in.) Make KEYCTL_SESSION_TO_PARENT depend on TIF_NOTIFY_RESUME until m68k, and xtensa have implemented it. Signed-off-by: Geert Uytterhoeven Signed-off-by: James Morris Acked-by: Mike Frysinger --- security/keys/keyctl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 5f830bc6f287..e9c2e7c584d9 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid, */ long keyctl_session_to_parent(void) { +#ifdef TIF_NOTIFY_RESUME struct task_struct *me, *parent; const struct cred *mycred, *pcred; struct cred *cred, *oldcred; @@ -1326,6 +1327,15 @@ not_permitted: error_keyring: key_ref_put(keyring_r); return ret; + +#else /* !TIF_NOTIFY_RESUME */ + /* + * To be removed when TIF_NOTIFY_RESUME has been implemented on + * m68k/xtensa + */ +#warning TIF_NOTIFY_RESUME not implemented + return -EOPNOTSUPP; +#endif /* !TIF_NOTIFY_RESUME */ } /*****************************************************************************/ -- cgit v1.2.1 From 5300990c0370e804e49d9a59d928c5d53fb73487 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 19 Dec 2009 10:15:07 -0500 Subject: Sanitize f_flags helpers * pull ACC_MODE to fs.h; we have several copies all over the place * nightmarish expression calculating f_mode by f_flags deserves a helper too (OPEN_FMODE(flags)) Signed-off-by: Al Viro --- security/tomoyo/file.c | 1 - 1 file changed, 1 deletion(-) (limited to 'security') diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8346938809b1..9a6c58881c0a 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -12,7 +12,6 @@ #include "common.h" #include "tomoyo.h" #include "realpath.h" -#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) /* * tomoyo_globally_readable_file_entry is a structure which is used for holding -- cgit v1.2.1 From 17740d89785aeb4143770923d67c293849414710 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Fri, 28 Aug 2009 10:47:16 +0200 Subject: SECURITY: selinux, fix update_rlimit_cpu parameter Don't pass current RLIMIT_RTTIME to update_rlimit_cpu() in selinux_bprm_committing_creds, since update_rlimit_cpu expects RLIMIT_CPU limit. Use proper rlim[RLIMIT_CPU].rlim_cur instead to fix that. Signed-off-by: Jiri Slaby Acked-by: James Morris Cc: Stephen Smalley Cc: Eric Paris Cc: David Howells --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7a374c2eb043..9a2ee845e9d4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2365,7 +2365,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) initrlim = init_task.signal->rlim + i; rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); } - update_rlimit_cpu(rlim->rlim_cur); + update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur); } } -- cgit v1.2.1 From 6d125529c6cbfe570ce3bf9a0728548f087499da Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2009 06:58:56 -0500 Subject: Fix ACC_MODE() for real commit 5300990c0370e804e49d9a59d928c5d53fb73487 had stepped on a rather nasty mess: definitions of ACC_MODE used to be different. Fixed the resulting breakage, converting them to variant that takes O_... value; all callers have that and it actually simplifies life (see tomoyo part of changes). Signed-off-by: Al Viro --- security/tomoyo/tomoyo.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'security') diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 8a00ade85166..2aceebf5f354 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -80,9 +80,8 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) return tomoyo_find_next_domain(bprm); /* * Read permission is checked against interpreters using next domain. - * '1' is the result of open_to_namei_flags(O_RDONLY). */ - return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1); + return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY); } static int tomoyo_path_truncate(struct path *path, loff_t length, @@ -184,10 +183,6 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, static int tomoyo_dentry_open(struct file *f, const struct cred *cred) { int flags = f->f_flags; - - if ((flags + 1) & O_ACCMODE) - flags++; - flags |= f->f_flags & (O_APPEND | O_TRUNC); /* Don't check read permission here if called from do_execve(). */ if (current->in_execve) return 0; -- cgit v1.2.1 From ef52c75e4b1603f6e6102967ad90118205168eae Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 25 Jan 2010 04:50:43 -0500 Subject: get rid of pointless checks after simple_pin_fs() if we'd just got success from it, vfsmount won't be NULL Signed-off-by: Al Viro --- security/inode.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'security') diff --git a/security/inode.c b/security/inode.c index f7496c6a022b..c3a793881d04 100644 --- a/security/inode.c +++ b/security/inode.c @@ -156,15 +156,8 @@ static int create_by_name(const char *name, mode_t mode, * block. A pointer to that is in the struct vfsmount that we * have around. */ - if (!parent ) { - if (mount && mount->mnt_sb) { - parent = mount->mnt_sb->s_root; - } - } - if (!parent) { - pr_debug("securityfs: Ah! can not find a parent!\n"); - return -EFAULT; - } + if (!parent) + parent = mount->mnt_sb->s_root; mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); -- cgit v1.2.1 From 8eb988c70e7709b7bd1a69f0ec53d19ac20dea84 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Wed, 20 Jan 2010 15:35:41 -0500 Subject: fix ima breakage The "Untangling ima mess, part 2 with counters" patch messed up the counters. Based on conversations with Al Viro, this patch streamlines ima_path_check() by removing the counter maintaince. The counters are now updated independently, from measuring the file, in __dentry_open() and alloc_file() by calling ima_counts_get(). ima_path_check() is called from nfsd and do_filp_open(). It also did not measure all files that should have been measured. Reason: ima_path_check() got bogus value passed as mask. [AV: mea culpa] [AV: add missing nfsd bits] Signed-off-by: Mimi Zohar Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 236 +++++++++++++++----------------------- 1 file changed, 92 insertions(+), 144 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index a89f44d5e030..75aee18f6163 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -84,6 +84,36 @@ out: return found; } +/* ima_read_write_check - reflect possible reading/writing errors in the PCR. + * + * When opening a file for read, if the file is already open for write, + * the file could change, resulting in a file measurement error. + * + * Opening a file for write, if the file is already open for read, results + * in a time of measure, time of use (ToMToU) error. + * + * In either case invalidate the PCR. + */ +enum iint_pcr_error { TOMTOU, OPEN_WRITERS }; +static void ima_read_write_check(enum iint_pcr_error error, + struct ima_iint_cache *iint, + struct inode *inode, + const unsigned char *filename) +{ + switch (error) { + case TOMTOU: + if (iint->readcount > 0) + ima_add_violation(inode, filename, "invalid_pcr", + "ToMToU"); + break; + case OPEN_WRITERS: + if (iint->writecount > 0) + ima_add_violation(inode, filename, "invalid_pcr", + "open_writers"); + break; + } +} + /* * Update the counts given an fmode_t */ @@ -98,6 +128,47 @@ static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) iint->writecount++; } +/* + * ima_counts_get - increment file counts + * + * Maintain read/write counters for all files, but only + * invalidate the PCR for measured files: + * - Opening a file for write when already open for read, + * results in a time of measure, time of use (ToMToU) error. + * - Opening a file for read when already open for write, + * could result in a file measurement error. + * + */ +void ima_counts_get(struct file *file) +{ + struct dentry *dentry = file->f_path.dentry; + struct inode *inode = dentry->d_inode; + fmode_t mode = file->f_mode; + struct ima_iint_cache *iint; + int rc; + + if (!ima_initialized || !S_ISREG(inode->i_mode)) + return; + iint = ima_iint_find_get(inode); + if (!iint) + return; + mutex_lock(&iint->mutex); + rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); + if (rc < 0) + goto out; + + if (mode & FMODE_WRITE) { + ima_read_write_check(TOMTOU, iint, inode, dentry->d_name.name); + goto out; + } + ima_read_write_check(OPEN_WRITERS, iint, inode, dentry->d_name.name); +out: + ima_inc_counts(iint, file->f_mode); + mutex_unlock(&iint->mutex); + + kref_put(&iint->refcount, iint_free); +} + /* * Decrement ima counts */ @@ -153,123 +224,6 @@ void ima_file_free(struct file *file) kref_put(&iint->refcount, iint_free); } -/* ima_read_write_check - reflect possible reading/writing errors in the PCR. - * - * When opening a file for read, if the file is already open for write, - * the file could change, resulting in a file measurement error. - * - * Opening a file for write, if the file is already open for read, results - * in a time of measure, time of use (ToMToU) error. - * - * In either case invalidate the PCR. - */ -enum iint_pcr_error { TOMTOU, OPEN_WRITERS }; -static void ima_read_write_check(enum iint_pcr_error error, - struct ima_iint_cache *iint, - struct inode *inode, - const unsigned char *filename) -{ - switch (error) { - case TOMTOU: - if (iint->readcount > 0) - ima_add_violation(inode, filename, "invalid_pcr", - "ToMToU"); - break; - case OPEN_WRITERS: - if (iint->writecount > 0) - ima_add_violation(inode, filename, "invalid_pcr", - "open_writers"); - break; - } -} - -static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, - const unsigned char *filename) -{ - int rc = 0; - - ima_inc_counts(iint, file->f_mode); - - rc = ima_collect_measurement(iint, file); - if (!rc) - ima_store_measurement(iint, file, filename); - return rc; -} - -/** - * ima_path_check - based on policy, collect/store measurement. - * @path: contains a pointer to the path to be measured - * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE - * - * Measure the file being open for readonly, based on the - * ima_must_measure() policy decision. - * - * Keep read/write counters for all files, but only - * invalidate the PCR for measured files: - * - Opening a file for write when already open for read, - * results in a time of measure, time of use (ToMToU) error. - * - Opening a file for read when already open for write, - * could result in a file measurement error. - * - * Always return 0 and audit dentry_open failures. - * (Return code will be based upon measurement appraisal.) - */ -int ima_path_check(struct path *path, int mask) -{ - struct inode *inode = path->dentry->d_inode; - struct ima_iint_cache *iint; - struct file *file = NULL; - int rc; - - if (!ima_initialized || !S_ISREG(inode->i_mode)) - return 0; - iint = ima_iint_find_get(inode); - if (!iint) - return 0; - - mutex_lock(&iint->mutex); - - rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); - if (rc < 0) - goto out; - - if ((mask & MAY_WRITE) || (mask == 0)) - ima_read_write_check(TOMTOU, iint, inode, - path->dentry->d_name.name); - - if ((mask & (MAY_WRITE | MAY_READ | MAY_EXEC)) != MAY_READ) - goto out; - - ima_read_write_check(OPEN_WRITERS, iint, inode, - path->dentry->d_name.name); - if (!(iint->flags & IMA_MEASURED)) { - struct dentry *dentry = dget(path->dentry); - struct vfsmount *mnt = mntget(path->mnt); - - file = dentry_open(dentry, mnt, O_RDONLY | O_LARGEFILE, - current_cred()); - if (IS_ERR(file)) { - int audit_info = 0; - - integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, - dentry->d_name.name, - "add_measurement", - "dentry_open failed", - 1, audit_info); - file = NULL; - goto out; - } - rc = get_path_measurement(iint, file, dentry->d_name.name); - } -out: - mutex_unlock(&iint->mutex); - if (file) - fput(file); - kref_put(&iint->refcount, iint_free); - return 0; -} -EXPORT_SYMBOL_GPL(ima_path_check); - static int process_measurement(struct file *file, const unsigned char *filename, int mask, int function) { @@ -297,33 +251,6 @@ out: return rc; } -/* - * ima_counts_get - increment file counts - * - * - for IPC shm and shmat file. - * - for nfsd exported files. - * - * Increment the counts for these files to prevent unnecessary - * imbalance messages. - */ -void ima_counts_get(struct file *file) -{ - struct inode *inode = file->f_dentry->d_inode; - struct ima_iint_cache *iint; - - if (!ima_initialized || !S_ISREG(inode->i_mode)) - return; - iint = ima_iint_find_get(inode); - if (!iint) - return; - mutex_lock(&iint->mutex); - ima_inc_counts(iint, file->f_mode); - mutex_unlock(&iint->mutex); - - kref_put(&iint->refcount, iint_free); -} -EXPORT_SYMBOL_GPL(ima_counts_get); - /** * ima_file_mmap - based on policy, collect/store measurement. * @file: pointer to the file to be measured (May be NULL) @@ -369,6 +296,27 @@ int ima_bprm_check(struct linux_binprm *bprm) return 0; } +/** + * ima_path_check - based on policy, collect/store measurement. + * @file: pointer to the file to be measured + * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE + * + * Measure files based on the ima_must_measure() policy decision. + * + * Always return 0 and audit dentry_open failures. + * (Return code will be based upon measurement appraisal.) + */ +int ima_path_check(struct file *file, int mask) +{ + int rc; + + rc = process_measurement(file, file->f_dentry->d_name.name, + mask & (MAY_READ | MAY_WRITE | MAY_EXEC), + PATH_CHECK); + return 0; +} +EXPORT_SYMBOL_GPL(ima_path_check); + static int __init init_ima(void) { int error; -- cgit v1.2.1 From 54bb6552bd9405dc7685653157a4ec260c77a71c Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 9 Dec 2009 15:29:01 -0500 Subject: ima: initialize ima before inodes can be allocated ima wants to create an inode information struct (iint) when inodes are allocated. This means that at least the part of ima which does this allocation (the allocation is filled with information later) should before any inodes are created. To accomplish this we split the ima initialization routine placing the kmem cache allocator inside a security_initcall() function. Since this makes use of radix trees we also need to make sure that is initialized before security_initcall(). Signed-off-by: Eric Paris Acked-by: Mimi Zohar Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 9 +++------ security/integrity/ima/ima_main.c | 1 - 3 files changed, 3 insertions(+), 8 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c41afe6639a0..aa25a7eb2d0e 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -65,7 +65,6 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, const char *cause, int result, int info); /* Internal IMA function definitions */ -void ima_iintcache_init(void); int ima_init(void); void ima_cleanup(void); int ima_fs_init(void); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index fa592ff1ac1c..0d83edcfc402 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -52,9 +52,6 @@ int ima_inode_alloc(struct inode *inode) struct ima_iint_cache *iint = NULL; int rc = 0; - if (!ima_initialized) - return 0; - iint = kmem_cache_alloc(iint_cache, GFP_NOFS); if (!iint) return -ENOMEM; @@ -118,8 +115,6 @@ void ima_inode_free(struct inode *inode) { struct ima_iint_cache *iint; - if (!ima_initialized) - return; spin_lock(&ima_iint_lock); iint = radix_tree_delete(&ima_iint_store, (unsigned long)inode); spin_unlock(&ima_iint_lock); @@ -141,9 +136,11 @@ static void init_once(void *foo) kref_set(&iint->refcount, 1); } -void __init ima_iintcache_init(void) +static int __init ima_iintcache_init(void) { iint_cache = kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0, SLAB_PANIC, init_once); + return 0; } +security_initcall(ima_iintcache_init); diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 75aee18f6163..eb1cf6498cc9 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -321,7 +321,6 @@ static int __init init_ima(void) { int error; - ima_iintcache_init(); error = ima_init(); ima_initialized = 1; return error; -- cgit v1.2.1 From 9bbb6cad0173e6220f3ac609e26beb48dab3b7cd Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Tue, 26 Jan 2010 17:02:40 -0500 Subject: ima: rename ima_path_check to ima_file_check ima_path_check actually deals with files! call it ima_file_check instead. Signed-off-by: Eric Paris Acked-by: Mimi Zohar Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index eb1cf6498cc9..b76e1f03ea2b 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -14,7 +14,7 @@ * * File: ima_main.c * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_path_check. + * and ima_file_check. */ #include #include @@ -306,7 +306,7 @@ int ima_bprm_check(struct linux_binprm *bprm) * Always return 0 and audit dentry_open failures. * (Return code will be based upon measurement appraisal.) */ -int ima_path_check(struct file *file, int mask) +int ima_file_check(struct file *file, int mask) { int rc; @@ -315,7 +315,7 @@ int ima_path_check(struct file *file, int mask) PATH_CHECK); return 0; } -EXPORT_SYMBOL_GPL(ima_path_check); +EXPORT_SYMBOL_GPL(ima_file_check); static int __init init_ima(void) { -- cgit v1.2.1 From 1e93d0052d9a6b3d0b382eedceb18b519d603baf Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Tue, 26 Jan 2010 17:02:41 -0500 Subject: ima: rename PATH_CHECK to FILE_CHECK With the movement of the ima hooks functions were renamed from *path* to *file* since they always deal with struct file. This patch renames some of the ima internal flags to make them consistent with the rest of the code. Signed-off-by: Mimi Zohar Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_api.c | 4 ++-- security/integrity/ima/ima_main.c | 4 ++-- security/integrity/ima/ima_policy.c | 9 ++++++--- 4 files changed, 11 insertions(+), 8 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index aa25a7eb2d0e..47fb65d1fcbd 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -130,7 +130,7 @@ void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); /* IMA policy related functions */ -enum ima_hooks { PATH_CHECK = 1, FILE_MMAP, BPRM_CHECK }; +enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK }; int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask); void ima_init_policy(void); diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 3cd58b60afd2..2a5e0bcf3887 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -95,12 +95,12 @@ err_out: * ima_must_measure - measure decision based on policy. * @inode: pointer to inode to measure * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) - * @function: calling function (PATH_CHECK, BPRM_CHECK, FILE_MMAP) + * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP) * * The policy is defined in terms of keypairs: * subj=, obj=, type=, func=, mask=, fsmagic= * subj,obj, and type: are LSM specific. - * func: PATH_CHECK | BPRM_CHECK | FILE_MMAP + * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP * mask: contains the permission mask * fsmagic: hex value * diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b76e1f03ea2b..294b005d6520 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -153,7 +153,7 @@ void ima_counts_get(struct file *file) if (!iint) return; mutex_lock(&iint->mutex); - rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); + rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK); if (rc < 0) goto out; @@ -312,7 +312,7 @@ int ima_file_check(struct file *file, int mask) rc = process_measurement(file, file->f_dentry->d_name.name, mask & (MAY_READ | MAY_WRITE | MAY_EXEC), - PATH_CHECK); + FILE_CHECK); return 0; } EXPORT_SYMBOL_GPL(ima_file_check); diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index e1278399b345..4759d0f99335 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -67,7 +67,7 @@ static struct ima_measure_rule_entry default_rules[] = { .flags = IMA_FUNC | IMA_MASK}, {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, .flags = IMA_FUNC | IMA_MASK}, - {.action = MEASURE,.func = PATH_CHECK,.mask = MAY_READ,.uid = 0, + {.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = 0, .flags = IMA_FUNC | IMA_MASK | IMA_UID}, }; @@ -282,8 +282,11 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) break; case Opt_func: audit_log_format(ab, "func=%s ", args[0].from); - if (strcmp(args[0].from, "PATH_CHECK") == 0) - entry->func = PATH_CHECK; + if (strcmp(args[0].from, "FILE_CHECK") == 0) + entry->func = FILE_CHECK; + /* PATH_CHECK is for backwards compat */ + else if (strcmp(args[0].from, "PATH_CHECK") == 0) + entry->func = FILE_CHECK; else if (strcmp(args[0].from, "FILE_MMAP") == 0) entry->func = FILE_MMAP; else if (strcmp(args[0].from, "BPRM_CHECK") == 0) -- cgit v1.2.1 From 89068c576bf324ef6fbd50dfc745148f7def202c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 7 Feb 2010 03:07:29 -0500 Subject: Take ima_file_free() to proper place. Hooks: Just Say No. Signed-off-by: Al Viro --- security/security.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'security') diff --git a/security/security.c b/security/security.c index 24e060be9fa5..122b748d0f4c 100644 --- a/security/security.c +++ b/security/security.c @@ -666,8 +666,6 @@ int security_file_alloc(struct file *file) void security_file_free(struct file *file) { security_ops->file_free_security(file); - if (file->f_dentry) - ima_file_free(file); } int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -- cgit v1.2.1