evm: Implement per signature type decision in security_inode_copy_up_…

…xattr To support "portable and immutable signatures" on otherwise unsupported filesystems, determine the EVM signature type by the content of a file's xattr. If the file has the appropriate signature type then allow it to be copied up. All other signature types are discarded as before. "Portable and immutable" EVM signatures can be copied up by stacked file- system since the metadata their signature covers does not include file- system-specific data such as a file's inode number, generation, and UUID. Co-developed-by: Mimi Zohar <[email protected]> Signed-off-by: Stefan Berger <[email protected]> Signed-off-by: Mimi Zohar <[email protected]>
adammead · Apr 9, 2024 · f2b3fc4 · f2b3fc4
1 parent 3253804
commit f2b3fc4
Showing 1 changed file with 28 additions and 3 deletions.
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
@@ -948,9 +948,34 @@ static void evm_inode_post_setattr(struct mnt_idmap *idmap,
 
 static int evm_inode_copy_up_xattr(struct dentry *src, const char *name)
 {
-	if (strcmp(name, XATTR_NAME_EVM) == 0)
-		return 1; /* Discard */
-	return -EOPNOTSUPP;
+	struct evm_ima_xattr_data *xattr_data = NULL;
+	int rc;
+
+	if (strcmp(name, XATTR_NAME_EVM) != 0)
+		return -EOPNOTSUPP;
+
+	/* first need to know the sig type */
+	rc = vfs_getxattr_alloc(&nop_mnt_idmap, src, XATTR_NAME_EVM,
+				(char **)&xattr_data, 0, GFP_NOFS);
+	if (rc <= 0)
+		return -EPERM;
+
+	if (rc < offsetof(struct evm_ima_xattr_data, type) +
+		 sizeof(xattr_data->type))
+		return -EPERM;
+
+	switch (xattr_data->type) {
+	case EVM_XATTR_PORTABLE_DIGSIG:
+		rc = 0; /* allow copy-up */
+		break;
+	case EVM_XATTR_HMAC:
+	case EVM_IMA_XATTR_DIGSIG:
+	default:
+		rc = 1; /* discard */
+	}
+
+	kfree(xattr_data);
+	return rc;
 }
 
 /*