| From 0d0a0f65fdfd71ad37a71a6ee2216d7caced0d3a Mon Sep 17 00:00:00 2001 |
| From: Mimi Zohar <zohar@linux.vnet.ibm.com> |
| Date: Mon, 3 Jan 2011 14:59:10 -0800 |
| Subject: [PATCH] ima: fix add LSM rule bug |
| |
| commit 867c20265459d30a01b021a9c1e81fb4c5832aa9 upstream. |
| |
| If security_filter_rule_init() doesn't return a rule, then not everything |
| is as fine as the return code implies. |
| |
| This bug only occurs when the LSM (e.g. SELinux) is disabled at runtime. |
| |
| Adding an empty LSM rule causes ima_match_rules() to always succeed, |
| ignoring any remaining rules. |
| |
| default IMA TCB policy: |
| # PROC_SUPER_MAGIC |
| dont_measure fsmagic=0x9fa0 |
| # SYSFS_MAGIC |
| dont_measure fsmagic=0x62656572 |
| # DEBUGFS_MAGIC |
| dont_measure fsmagic=0x64626720 |
| # TMPFS_MAGIC |
| dont_measure fsmagic=0x01021994 |
| # SECURITYFS_MAGIC |
| dont_measure fsmagic=0x73636673 |
| |
| < LSM specific rule > |
| dont_measure obj_type=var_log_t |
| |
| measure func=BPRM_CHECK |
| measure func=FILE_MMAP mask=MAY_EXEC |
| measure func=FILE_CHECK mask=MAY_READ uid=0 |
| |
| Thus without the patch, with the boot parameters 'tcb selinux=0', adding |
| the above 'dont_measure obj_type=var_log_t' rule to the default IMA TCB |
| measurement policy would result in nothing being measured. The patch |
| prevents the default TCB policy from being replaced. |
| |
| Signed-off-by: Mimi Zohar <zohar@us.ibm.com> |
| Cc: James Morris <jmorris@namei.org> |
| Acked-by: Serge Hallyn <serge.hallyn@canonical.com> |
| Cc: David Safford <safford@watson.ibm.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c |
| index 8643a93..14efcfe 100644 |
| --- a/security/integrity/ima/ima_policy.c |
| +++ b/security/integrity/ima/ima_policy.c |
| @@ -250,6 +250,8 @@ static int ima_lsm_rule_init(struct ima_measure_rule_entry *entry, |
| result = security_filter_rule_init(entry->lsm[lsm_rule].type, |
| Audit_equal, args, |
| &entry->lsm[lsm_rule].rule); |
| + if (!entry->lsm[lsm_rule].rule) |
| + return -EINVAL; |
| return result; |
| } |
| |
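Review bot: the new NULL check masks any error that security_filter_rule_init() already reported, because it runs before `return result;` and unconditionally returns -EINVAL whenever `entry->lsm[lsm_rule].rule` is NULL. If the hook fails with, say, -ENOMEM, the caller now sees -EINVAL instead. Consider testing the rule pointer only on the success path, e.g. `if (!result && !entry->lsm[lsm_rule].rule) return -EINVAL;`, so a genuine failure code from the LSM is preserved and -EINVAL is reserved for the "LSM returned success but produced no rule" case the commit message describes (LSM disabled at runtime). It would also help to leave a one-line comment on the check explaining that a NULL rule with a zero return means the LSM is disabled, since the intent is not obvious from the code alone.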
| -- |
| 1.7.4.4 |
| |