Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history 
yaml
---
r: 352875
b: refs/heads/master
c: 85865c1
h: refs/heads/master
i:
  352873: 1180d9d
  352871: e4edcb0
v: v3
  • Loading branch information
Dmitry Kasatkin authored and Mimi Zohar committed Feb 6, 2013
1 parent 385c0ae commit 7961d8e
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 3 deletions.
2 changes: 1 addition & 1 deletion [refs]
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: 74de66842473bdafa798010e58f1999ec70a8983
refs/heads/master: 85865c1fa189fcba49089e6254a0226f2269bebc
4 changes: 3 additions & 1 deletion trunk/Documentation/ABI/testing/ima_policy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,16 @@ Description:

action: measure | dont_measure | appraise | dont_appraise | audit
condition:= base | lsm [option]
base: [[func=] [mask=] [fsmagic=] [uid=] [fowner]]
base: [[func=] [mask=] [fsmagic=] [fsuuid=] [uid=]
[fowner]]
lsm: [[subj_user=] [subj_role=] [subj_type=]
[obj_user=] [obj_role=] [obj_type=]]
option: [[appraise_type=]]

base: func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
fsmagic:= hex value
fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
uid:= decimal value
fowner:=decimal value
lsm: are LSM specific
Expand Down
22 changes: 21 additions & 1 deletion trunk/security/integrity/ima/ima_policy.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
#include <linux/magic.h>
#include <linux/parser.h>
#include <linux/slab.h>
#include <linux/genhd.h>

#include "ima.h"

Expand All @@ -25,6 +26,7 @@
#define IMA_FSMAGIC 0x0004
#define IMA_UID 0x0008
#define IMA_FOWNER 0x0010
#define IMA_FSUUID 0x0020

#define UNKNOWN 0
#define MEASURE 0x0001 /* same as IMA_MEASURE */
Expand All @@ -45,6 +47,7 @@ struct ima_rule_entry {
enum ima_hooks func;
int mask;
unsigned long fsmagic;
u8 fsuuid[16];
kuid_t uid;
kuid_t fowner;
struct {
Expand Down Expand Up @@ -172,6 +175,9 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
if ((rule->flags & IMA_FSMAGIC)
&& rule->fsmagic != inode->i_sb->s_magic)
return false;
if ((rule->flags & IMA_FSUUID) &&
memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
return false;
if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
return false;
if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid))
Expand Down Expand Up @@ -346,7 +352,7 @@ enum {
Opt_obj_user, Opt_obj_role, Opt_obj_type,
Opt_subj_user, Opt_subj_role, Opt_subj_type,
Opt_func, Opt_mask, Opt_fsmagic, Opt_uid, Opt_fowner,
Opt_appraise_type
Opt_appraise_type, Opt_fsuuid
};

static match_table_t policy_tokens = {
Expand All @@ -364,6 +370,7 @@ static match_table_t policy_tokens = {
{Opt_func, "func=%s"},
{Opt_mask, "mask=%s"},
{Opt_fsmagic, "fsmagic=%s"},
{Opt_fsuuid, "fsuuid=%s"},
{Opt_uid, "uid=%s"},
{Opt_fowner, "fowner=%s"},
{Opt_appraise_type, "appraise_type=%s"},
Expand Down Expand Up @@ -519,6 +526,19 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
if (!result)
entry->flags |= IMA_FSMAGIC;
break;
case Opt_fsuuid:
ima_log_string(ab, "fsuuid", args[0].from);

if (memchr_inv(entry->fsuuid, 0x00,
sizeof(entry->fsuuid))) {
result = -EINVAL;
break;
}

part_pack_uuid(args[0].from, entry->fsuuid);
entry->flags |= IMA_FSUUID;
result = 0;
break;
case Opt_uid:
ima_log_string(ab, "uid", args[0].from);

Expand Down

0 comments on commit 7961d8e

Please sign in to comment.