Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d77ccdc6 authored by Mimi Zohar's avatar Mimi Zohar
Browse files

ima: re-evaluate files on privileged mounted filesystems 



This patch addresses the fuse privileged mounted filesystems in a "secure"
environment, with a correctly enforced security policy, which is willing
to assume the inherent risk of specific fuse filesystems that are well
defined and properly implemented.

As there is no way for the kernel to detect file changes, the kernel
ignores the cached file integrity results and re-measures, re-appraises,
and re-audits the file.

Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Seth Forshee <seth.forshee@canonical.com>
Cc: Dongsu Park <dongsu@kinvolk.io>
Cc: Alban Crequy <alban@kinvolk.io>
Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
Acked-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
parent 57b56ac6

security/integrity/ima/ima_main.c

+11 −2
Original line number Diff line number Diff line
@@ -25,6 +25,7 @@ 
#include <linux/xattr.h>

#include <linux/ima.h>

#include <linux/iversion.h>

#include <linux/fs.h>



#include "ima.h"
@@ -230,9 +231,17 @@ static int process_measurement(struct file *file, const struct cred *cred, 
				 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |

				 IMA_ACTION_FLAGS);



	if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags))

		/* reset all flags if ima_inode_setxattr was called */

	/*

	 * Re-evaulate the file if either the xattr has changed or the

	 * kernel has no way of detecting file change on the filesystem.

	 * (Limited to privileged mounted filesystems.)

	 */

	if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) ||

	    ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) &&

	     !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER))) {

		iint->flags &= ~IMA_DONE_MASK;

		iint->measured_pcrs = 0;

	}



	/* Determine if already appraised/measured based on bitmask

	 * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED,