c05564c4d8
Android 13
301 lines
6.8 KiB
C
Executable file
301 lines
6.8 KiB
C
Executable file
/*
|
|
* This code is based on IMA's code
|
|
*
|
|
* Copyright (C) 2016 Samsung Electronics, Inc.
|
|
*
|
|
* Egor Uleyskiy, <e.uleyskiy@samsung.com>
|
|
* Viacheslav Vovchenko <v.vovchenko@samsung.com>
|
|
* Yevgen Kopylov <y.kopylov@samsung.com>
|
|
*
|
|
* This software is licensed under the terms of the GNU General Public
|
|
* License version 2, as published by the Free Software Foundation, and
|
|
* may be copied, distributed, and modified under those terms.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/file.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/magic.h>
|
|
#include <crypto/hash_info.h>
|
|
|
|
#include <linux/task_integrity.h>
|
|
#include "five.h"
|
|
#include "five_audit.h"
|
|
#include "five_hooks.h"
|
|
#include "five_tee_api.h"
|
|
#include "five_porting.h"
|
|
#include "five_cache.h"
|
|
#include "five_dmverity.h"
|
|
|
|
int five_read_xattr(struct dentry *dentry, char **xattr_value)
|
|
{
|
|
ssize_t ret;
|
|
|
|
ret = vfs_getxattr_alloc(dentry, XATTR_NAME_FIVE, xattr_value,
|
|
0, GFP_NOFS);
|
|
if (ret < 0)
|
|
ret = 0;
|
|
|
|
return ret;
|
|
}
|
|
|
|
static bool bad_fs(struct inode *inode)
|
|
{
|
|
if (inode->i_sb->s_magic == EXT4_SUPER_MAGIC ||
|
|
inode->i_sb->s_magic == F2FS_SUPER_MAGIC ||
|
|
inode->i_sb->s_magic == OVERLAYFS_SUPER_MAGIC ||
|
|
inode->i_sb->s_magic == EROFS_SUPER_MAGIC_V1)
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static bool readonly_sb(struct inode *inode)
|
|
{
|
|
if (inode->i_sb->s_flags & MS_RDONLY)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* five_is_fsverity_protected - checks if file is protected by FSVERITY
|
|
*
|
|
* Return true/false
|
|
*/
|
|
static bool five_is_fsverity_protected(const struct inode *inode)
|
|
{
|
|
return IS_VERITY(inode);
|
|
}
|
|
|
|
/*
|
|
* five_appraise_measurement - appraise file measurement
|
|
*
|
|
* Return 0 on success, error code otherwise
|
|
*/
|
|
int five_appraise_measurement(struct task_struct *task, int func,
|
|
struct integrity_iint_cache *iint,
|
|
struct file *file,
|
|
struct five_cert *cert)
|
|
{
|
|
enum task_integrity_reset_cause cause = CAUSE_UNKNOWN;
|
|
struct dentry *dentry = NULL;
|
|
struct inode *inode = NULL;
|
|
enum five_file_integrity status = FIVE_FILE_UNKNOWN;
|
|
enum task_integrity_value prev_integrity;
|
|
int rc = 0;
|
|
|
|
BUG_ON(!task || !iint || !file);
|
|
|
|
prev_integrity = task_integrity_read(TASK_INTEGRITY(task));
|
|
dentry = file->f_path.dentry;
|
|
inode = d_backing_inode(dentry);
|
|
|
|
if (bad_fs(inode)) {
|
|
status = FIVE_FILE_FAIL;
|
|
cause = CAUSE_BAD_FS;
|
|
rc = -ENOTSUPP;
|
|
goto out;
|
|
}
|
|
|
|
cause = CAUSE_NO_CERT;
|
|
if (five_is_fsverity_protected(inode))
|
|
status = FIVE_FILE_FSVERITY;
|
|
else if (five_is_dmverity_protected(file))
|
|
status = FIVE_FILE_DMVERITY;
|
|
|
|
out:
|
|
if (status == FIVE_FILE_FAIL || status == FIVE_FILE_UNKNOWN) {
|
|
task_integrity_set_reset_reason(TASK_INTEGRITY(task),
|
|
cause, file);
|
|
five_audit_verbose(task, file, five_get_string_fn(func),
|
|
prev_integrity, prev_integrity,
|
|
tint_reset_cause_to_string(cause), rc);
|
|
}
|
|
|
|
five_set_cache_status(iint, status);
|
|
|
|
return rc;
|
|
}
|
|
|
|
static void five_reset_appraise_flags(struct dentry *dentry)
|
|
{
|
|
struct inode *inode = d_backing_inode(dentry);
|
|
struct integrity_iint_cache *iint;
|
|
|
|
if (!S_ISREG(inode->i_mode))
|
|
return;
|
|
|
|
iint = integrity_iint_find(inode);
|
|
if (iint)
|
|
five_set_cache_status(iint, FIVE_FILE_UNKNOWN);
|
|
}
|
|
|
|
/**
|
|
* five_inode_post_setattr - reflect file metadata changes
|
|
* @dentry: pointer to the affected dentry
|
|
*
|
|
* Changes to a dentry's metadata might result in needing to appraise.
|
|
*
|
|
* This function is called from notify_change(), which expects the caller
|
|
* to lock the inode's i_mutex.
|
|
*/
|
|
void five_inode_post_setattr(struct task_struct *task, struct dentry *dentry)
|
|
{
|
|
five_reset_appraise_flags(dentry);
|
|
}
|
|
|
|
/*
|
|
* five_protect_xattr - protect 'security.five'
|
|
*
|
|
* Ensure that not just anyone can modify or remove 'security.five'.
|
|
*/
|
|
static int five_protect_xattr(struct dentry *dentry, const char *xattr_name,
|
|
const void *xattr_value, size_t xattr_value_len)
|
|
{
|
|
if (strcmp(xattr_name, XATTR_NAME_FIVE) == 0) {
|
|
if (!capable(CAP_SYS_ADMIN))
|
|
return -EPERM;
|
|
return 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int five_inode_setxattr(struct dentry *dentry, const char *xattr_name,
|
|
const void *xattr_value, size_t xattr_value_len)
|
|
{
|
|
int result = five_protect_xattr(dentry, xattr_name, xattr_value,
|
|
xattr_value_len);
|
|
|
|
if (result == 1 && xattr_value_len == 0) {
|
|
five_reset_appraise_flags(dentry);
|
|
return 0;
|
|
}
|
|
|
|
if (result == 1) {
|
|
bool digsig;
|
|
struct five_cert_header *header;
|
|
struct five_cert cert = { {0} };
|
|
|
|
result = five_cert_fillout(&cert, xattr_value, xattr_value_len);
|
|
if (result)
|
|
return result;
|
|
|
|
header = (struct five_cert_header *)cert.body.header->value;
|
|
|
|
if (!xattr_value_len || !header ||
|
|
(header->signature_type >= FIVE_XATTR_END))
|
|
return -EINVAL;
|
|
|
|
digsig = (header->signature_type == FIVE_XATTR_DIGSIG);
|
|
if (!digsig)
|
|
return -EPERM;
|
|
|
|
five_reset_appraise_flags(dentry);
|
|
result = 0;
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
int five_inode_removexattr(struct dentry *dentry, const char *xattr_name)
|
|
{
|
|
int result;
|
|
|
|
result = five_protect_xattr(dentry, xattr_name, NULL, 0);
|
|
if (result == 1) {
|
|
five_reset_appraise_flags(dentry);
|
|
result = 0;
|
|
}
|
|
return result;
|
|
}
|
|
|
|
/* Called from do_fcntl */
|
|
int five_fcntl_sign(struct file *file, struct integrity_label __user *label)
|
|
{
|
|
return -EOPNOTSUPP;
|
|
}
|
|
|
|
static int check_input_inode(struct inode *inode)
|
|
{
|
|
if (!S_ISREG(inode->i_mode))
|
|
return -EINVAL;
|
|
|
|
if (readonly_sb(inode)) {
|
|
pr_err("FIVE: Can't sign a file on RO FS\n");
|
|
return -EROFS;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int five_fcntl_edit(struct file *file)
|
|
{
|
|
int rc;
|
|
struct dentry *dentry;
|
|
uint8_t *raw_cert = NULL;
|
|
size_t raw_cert_len = 0;
|
|
struct integrity_iint_cache *iint;
|
|
struct inode *inode = file_inode(file);
|
|
|
|
rc = check_input_inode(inode);
|
|
if (rc)
|
|
return rc;
|
|
|
|
if (!task_integrity_allow_sign(TASK_INTEGRITY(current)))
|
|
return -EPERM;
|
|
|
|
inode_lock(inode);
|
|
dentry = file->f_path.dentry;
|
|
rc = __vfs_setxattr_noperm(d_real_comp(dentry),
|
|
XATTR_NAME_FIVE,
|
|
raw_cert,
|
|
raw_cert_len,
|
|
0);
|
|
iint = integrity_inode_get(inode);
|
|
if (iint)
|
|
iint->five_signing = true;
|
|
inode_unlock(inode);
|
|
|
|
return rc;
|
|
}
|
|
|
|
int five_fcntl_close(struct file *file)
|
|
{
|
|
int rc;
|
|
ssize_t xattr_len;
|
|
struct dentry *dentry;
|
|
struct integrity_iint_cache *iint;
|
|
struct inode *inode = file_inode(file);
|
|
|
|
rc = check_input_inode(inode);
|
|
if (rc)
|
|
return rc;
|
|
|
|
inode_lock(inode);
|
|
iint = integrity_inode_get(inode);
|
|
if (!iint) {
|
|
inode_unlock(inode);
|
|
return -ENOMEM;
|
|
}
|
|
|
|
if (iint->five_signing) {
|
|
dentry = file->f_path.dentry;
|
|
xattr_len = __vfs_getxattr(d_real_comp(dentry), inode,
|
|
XATTR_NAME_FIVE, NULL, 0, XATTR_NOSECURITY);
|
|
if (xattr_len == 0)
|
|
rc = __vfs_removexattr(d_real_comp(dentry),
|
|
XATTR_NAME_FIVE);
|
|
|
|
iint->five_signing = false;
|
|
}
|
|
inode_unlock(inode);
|
|
|
|
return rc;
|
|
}
|