ima: detect violations for mmaped files
This patch fixes the detection of the 'open_writers' violation for mmaped
files.
before) an 'open_writers' violation is detected if the policy contains
        a rule with the criteria: func=FILE_CHECK mask=MAY_READ
after)  an 'open_writers' violation is detected if the current event
        matches one of the policy rules.
With the old behaviour, the 'open_writers' violation is not detected
in the following case:
policy:
    measure func=FILE_MMAP mask=MAY_EXEC
steps:
    1) open a shared library for writing
    2) execute a binary that links that shared library
    3) during the binary execution, modify the shared library and save
       the change
result:
    the 'open_writers' violation measurement is not present in the IMA list.
Only binaries executed are protected from writes. For libraries mapped
in memory there is the flag MAP_DENYWRITE for this purpose, but according
to the output of 'man mmap', the mmap flag is ignored.
Since ima_rdwr_violation_check() is now called by process_measurement(),
the information about whether the inode must be measured is already
provided by ima_get_action(). Thus the unnecessary function
ima_must_measure() has been removed.
Changes in v3 (Dmitry Kasatkin):
- Violations for the MMAP_CHECK function are verified since this patch
- Changed the patch description a bit
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 03bb52e..62f59eca 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -79,6 +79,7 @@
*/
static void ima_rdwr_violation_check(struct file *file,
struct integrity_iint_cache *iint,
+ int must_measure,
char **pathbuf,
const char **pathname)
{
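Review bot: the new 'must_measure' parameter is undocumented and is typed as 'int' although the callee only ever tests it for truth. The comment block that closes just above the signature ('*/') should gain a line describing it, and since the function already expresses its state with booleans ('send_tomtou = true;', 'send_writers = true;'), 'bool must_measure' would state the intent more clearly than 'int'.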
@@ -95,8 +96,7 @@
send_tomtou = true;
}
} else {
- if ((atomic_read(&inode->i_writecount) > 0) &&
- ima_must_measure(inode, MAY_READ, FILE_CHECK))
+ if ((atomic_read(&inode->i_writecount) > 0) && must_measure)
send_writers = true;
}
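Review bot: the description says ima_must_measure() has been removed, but none of the hunks shown delete its definition or its prototype; please confirm the same patch drops both, otherwise the tree is left with an unused function after this call site goes away. Replacing 'ima_must_measure(inode, MAY_READ, FILE_CHECK)' with 'must_measure' keeps the existing short-circuit (the 'i_writecount' test still runs first), so the behaviour of the writers branch itself is unchanged apart from the policy decision now coming from the caller.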
@@ -174,7 +174,7 @@
* Included is the appraise submask.
*/
action = ima_get_action(inode, mask, function);
- violation_check = (function == FILE_CHECK &&
+ violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) &&
(ima_policy_flag & IMA_MEASURE));
if (!action && !violation_check)
return 0;
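Review bot: why MMAP_CHECK now joins FILE_CHECK in the 'violation_check' condition is only explained in the changelog (shared libraries mapped for execute while a writer still has them open); a one-line comment beside the condition would save the next reader a trip to the git log. It is also worth stating in the description that, with 'IMA_MEASURE' set in 'ima_policy_flag', every mmap event now gets past the 'if (!action && !violation_check) return 0;' early return, even when ima_get_action() returned 0 for it, since that is the cost side of the fix.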
@@ -194,7 +194,8 @@
}
if (violation_check) {
- ima_rdwr_violation_check(file, iint, &pathbuf, &pathname);
+ ima_rdwr_violation_check(file, iint, action & IMA_MEASURE,
+ &pathbuf, &pathname);
if (!action) {
rc = 0;
goto out_free;
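Review bot: the call passes 'action & IMA_MEASURE', a flag bit rather than a 0/1 value, into the 'int must_measure' parameter; that works today because the callee only uses it in a logical AND, but '!!(action & IMA_MEASURE)' (or a bool parameter) would make the contract explicit and survive a later comparison against 1. Note also that the call sits before the 'if (!action)' exit, so when 'action' is 0 the callee receives 'must_measure' == 0 and only its ToMToU side can fire; that is consistent with the 'after)' rule in the description (an 'open_writers' violation requires the current event to match a policy rule), but it deserves a sentence in the changelog.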