~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,4 +1,7 @@
	1	+// SPDX-License-Identifier: GPL-2.0-only
1	2	/*
	3	+ * Integrity Measurement Architecture
	4	+ *
2	5	* Copyright (C) 2005,2006,2007,2008 IBM Corporation
3	6	*
4	7	* Authors:
..	..	@@ -7,21 +10,15 @@
7	10	* Kylene Hall <kylene@us.ibm.com>
8	11	* Mimi Zohar <zohar@us.ibm.com>
9	12	*
10		- * This program is free software; you can redistribute it and/or
11		- * modify it under the terms of the GNU General Public License as
12		- * published by the Free Software Foundation, version 2 of the
13		- * License.
14		- *
15	13	* File: ima_main.c
16	14	* implements the IMA hooks: ima_bprm_check, ima_file_mmap,
17	15	* and ima_file_check.
18	16	*/
19	17
20		-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21		-
22	18	#include <linux/module.h>
23	19	#include <linux/file.h>
24	20	#include <linux/binfmts.h>
	21	+#include <linux/kernel_read_file.h>
25	22	#include <linux/mount.h>
26	23	#include <linux/mman.h>
27	24	#include <linux/slab.h>
..	..	@@ -41,6 +38,10 @@
41	38	int ima_hash_algo = HASH_ALGO_SHA1;
42	39	static int hash_setup_done;
43	40
	41	+static struct notifier_block ima_lsm_policy_notifier = {
	42	+ .notifier_call = ima_lsm_policy_change,
	43	+};
	44	+
44	45	static int __init hash_setup(char *str)
45	46	{
46	47	struct ima_template_desc *template_desc = ima_template_desc_current();
..	..	@@ -50,18 +51,23 @@
50	51	return 1;
51	52
52	53	if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
53		- if (strncmp(str, "sha1", 4) == 0)
	54	+ if (strncmp(str, "sha1", 4) == 0) {
54	55	ima_hash_algo = HASH_ALGO_SHA1;
55		- else if (strncmp(str, "md5", 3) == 0)
	56	+ } else if (strncmp(str, "md5", 3) == 0) {
56	57	ima_hash_algo = HASH_ALGO_MD5;
57		- else
	58	+ } else {
	59	+ pr_err("invalid hash algorithm \"%s\" for template \"%s\"",
	60	+ str, IMA_TEMPLATE_IMA_NAME);
58	61	return 1;
	62	+ }
59	63	goto out;
60	64	}
61	65
62	66	i = match_string(hash_algo_name, HASH_ALGO__LAST, str);
63		- if (i < 0)
	67	+ if (i < 0) {
	68	+ pr_err("invalid hash algorithm \"%s\"", str);
64	69	return 1;
	70	+ }
65	71
66	72	ima_hash_algo = i;
67	73	out:
..	..	@@ -69,6 +75,27 @@
69	75	return 1;
70	76	}
71	77	__setup("ima_hash=", hash_setup);
	78	+
	79	+/* Prevent mmap'ing a file execute that is already mmap'ed write */
	80	+static int mmap_violation_check(enum ima_hooks func, struct file *file,
	81	+ char pathbuf, const char pathname,
	82	+ char *filename)
	83	+{
	84	+ struct inode *inode;
	85	+ int rc = 0;
	86	+
	87	+ if ((func == MMAP_CHECK) && mapping_writably_mapped(file->f_mapping)) {
	88	+ rc = -ETXTBSY;
	89	+ inode = file_inode(file);
	90	+
	91	+ if (!pathbuf) / ima_rdwr_violation possibly pre-fetched */
	92	+ *pathname = ima_d_path(&file->f_path, pathbuf,
	93	+ filename);
	94	+ integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, *pathname,
	95	+ "mmap_file", "mmapped_writers", rc, 0);
	96	+ }
	97	+ return rc;
	98	+}
72	99
73	100	/*
74	101	* ima_rdwr_violation_check
..	..	@@ -103,7 +130,7 @@
103	130	} else {
104	131	if (must_measure)
105	132	set_bit(IMA_MUST_MEASURE, &iint->atomic_flags);
106		- if ((atomic_read(&inode->i_writecount) > 0) && must_measure)
	133	+ if (inode_is_open_for_write(inode) && must_measure)
107	134	send_writers = true;
108	135	}
109	136
..	..	@@ -172,13 +199,14 @@
172	199	{
173	200	struct inode *inode = file_inode(file);
174	201	struct integrity_iint_cache *iint = NULL;
175		- struct ima_template_desc *template_desc;
	202	+ struct ima_template_desc *template_desc = NULL;
176	203	char *pathbuf = NULL;
177	204	char filename[NAME_MAX];
178	205	const char *pathname = NULL;
179	206	int rc = 0, action, must_appraise = 0;
180	207	int pcr = CONFIG_IMA_MEASURE_PCR_IDX;
181	208	struct evm_ima_xattr_data *xattr_value = NULL;
	209	+ struct modsig *modsig = NULL;
182	210	int xattr_len = 0;
183	211	bool violation_check;
184	212	enum hash_algo hash_algo;
..	..	@@ -190,7 +218,8 @@
190	218	* bitmask based on the appraise/audit/measurement policy.
191	219	* Included is the appraise submask.
192	220	*/
193		- action = ima_get_action(inode, cred, secid, mask, func, &pcr);
	221	+ action = ima_get_action(inode, cred, secid, mask, func, &pcr,
	222	+ &template_desc, NULL);
194	223	violation_check = ((func == FILE_CHECK \|\| func == MMAP_CHECK) &&
195	224	(ima_policy_flag & IMA_MEASURE));
196	225	if (!action && !violation_check)
..	..	@@ -268,20 +297,37 @@
268	297
269	298	/* Nothing to do, just return existing appraised status */
270	299	if (!action) {
271		- if (must_appraise)
272		- rc = ima_get_cache_status(iint, func);
	300	+ if (must_appraise) {
	301	+ rc = mmap_violation_check(func, file, &pathbuf,
	302	+ &pathname, filename);
	303	+ if (!rc)
	304	+ rc = ima_get_cache_status(iint, func);
	305	+ }
273	306	goto out_locked;
274	307	}
275	308
276		- template_desc = ima_template_desc_current();
277	309	if ((action & IMA_APPRAISE_SUBMASK) \|\|
278		- strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
	310	+ strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) {
279	311	/* read 'security.ima' */
280	312	xattr_len = ima_read_xattr(file_dentry(file), &xattr_value);
281	313
	314	+ /*
	315	+ * Read the appended modsig if allowed by the policy, and allow
	316	+ * an additional measurement list entry, if needed, based on the
	317	+ * template format and whether the file was already measured.
	318	+ */
	319	+ if (iint->flags & IMA_MODSIG_ALLOWED) {
	320	+ rc = ima_read_modsig(func, buf, size, &modsig);
	321	+
	322	+ if (!rc && ima_template_has_modsig(template_desc) &&
	323	+ iint->flags & IMA_MEASURED)
	324	+ action \|= IMA_MEASURE;
	325	+ }
	326	+ }
	327	+
282	328	hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
283	329
284		- rc = ima_collect_measurement(iint, file, buf, size, hash_algo);
	330	+ rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
285	331	if (rc != 0 && rc != -EBADF && rc != -EINVAL)
286	332	goto out_locked;
287	333
..	..	@@ -290,12 +336,20 @@
290	336
291	337	if (action & IMA_MEASURE)
292	338	ima_store_measurement(iint, file, pathname,
293		- xattr_value, xattr_len, pcr);
	339	+ xattr_value, xattr_len, modsig, pcr,
	340	+ template_desc);
294	341	if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) {
295		- inode_lock(inode);
296		- rc = ima_appraise_measurement(func, iint, file, pathname,
297		- xattr_value, xattr_len);
298		- inode_unlock(inode);
	342	+ rc = ima_check_blacklist(iint, modsig, pcr);
	343	+ if (rc != -EPERM) {
	344	+ inode_lock(inode);
	345	+ rc = ima_appraise_measurement(func, iint, file,
	346	+ pathname, xattr_value,
	347	+ xattr_len, modsig);
	348	+ inode_unlock(inode);
	349	+ }
	350	+ if (!rc)
	351	+ rc = mmap_violation_check(func, file, &pathbuf,
	352	+ &pathname, filename);
299	353	}
300	354	if (action & IMA_AUDIT)
301	355	ima_audit_measurement(iint, pathname);
..	..	@@ -308,6 +362,7 @@
308	362	rc = -EACCES;
309	363	mutex_unlock(&iint->mutex);
310	364	kfree(xattr_value);
	365	+ ima_free_modsig(modsig);
311	366	out:
312	367	if (pathbuf)
313	368	__putname(pathbuf);
..	..	@@ -342,6 +397,58 @@
342	397	}
343	398
344	399	return 0;
	400	+}
	401	+
	402	+/**
	403	+ * ima_file_mprotect - based on policy, limit mprotect change
	404	+ * @prot: contains the protection that will be applied by the kernel.
	405	+ *
	406	+ * Files can be mmap'ed read/write and later changed to execute to circumvent
	407	+ * IMA's mmap appraisal policy rules. Due to locking issues (mmap semaphore
	408	+ * would be taken before i_mutex), files can not be measured or appraised at
	409	+ * this point. Eliminate this integrity gap by denying the mprotect
	410	+ * PROT_EXECUTE change, if an mmap appraise policy rule exists.
	411	+ *
	412	+ * On mprotect change success, return 0. On failure, return -EACESS.
	413	+ */
	414	+int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
	415	+{
	416	+ struct ima_template_desc *template;
	417	+ struct file *file = vma->vm_file;
	418	+ char filename[NAME_MAX];
	419	+ char *pathbuf = NULL;
	420	+ const char *pathname = NULL;
	421	+ struct inode *inode;
	422	+ int result = 0;
	423	+ int action;
	424	+ u32 secid;
	425	+ int pcr;
	426	+
	427	+ /* Is mprotect making an mmap'ed file executable? */
	428	+ if (!(ima_policy_flag & IMA_APPRAISE) \|\| !vma->vm_file \|\|
	429	+ !(prot & PROT_EXEC) \|\| (vma->vm_flags & VM_EXEC))
	430	+ return 0;
	431	+
	432	+ security_task_getsecid(current, &secid);
	433	+ inode = file_inode(vma->vm_file);
	434	+ action = ima_get_action(inode, current_cred(), secid, MAY_EXEC,
	435	+ MMAP_CHECK, &pcr, &template, 0);
	436	+
	437	+ /* Is the mmap'ed file in policy? */
	438	+ if (!(action & (IMA_MEASURE \| IMA_APPRAISE_SUBMASK)))
	439	+ return 0;
	440	+
	441	+ if (action & IMA_APPRAISE_SUBMASK)
	442	+ result = -EPERM;
	443	+
	444	+ file = vma->vm_file;
	445	+ pathname = ima_d_path(&file->f_path, &pathbuf, filename);
	446	+ integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, pathname,
	447	+ "collect_data", "failed-mprotect", result, 0);
	448	+ if (pathbuf)
	449	+ __putname(pathbuf);
	450	+
	451	+ return result;
345	452	}
346	453
347	454	/**
..	..	@@ -395,6 +502,92 @@
395	502	EXPORT_SYMBOL_GPL(ima_file_check);
396	503
397	504	/**
	505	+ * ima_file_hash - return the stored measurement if a file has been hashed and
	506	+ * is in the iint cache.
	507	+ * @file: pointer to the file
	508	+ * @buf: buffer in which to store the hash
	509	+ * @buf_size: length of the buffer
	510	+ *
	511	+ * On success, return the hash algorithm (as defined in the enum hash_algo).
	512	+ * If buf is not NULL, this function also outputs the hash into buf.
	513	+ * If the hash is larger than buf_size, then only buf_size bytes will be copied.
	514	+ * It generally just makes sense to pass a buffer capable of holding the largest
	515	+ * possible hash: IMA_MAX_DIGEST_SIZE.
	516	+ * The file hash returned is based on the entire file, including the appended
	517	+ * signature.
	518	+ *
	519	+ * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP.
	520	+ * If the parameters are incorrect, return -EINVAL.
	521	+ */
	522	+int ima_file_hash(struct file file, char buf, size_t buf_size)
	523	+{
	524	+ struct inode *inode;
	525	+ struct integrity_iint_cache *iint;
	526	+ int hash_algo;
	527	+
	528	+ if (!file)
	529	+ return -EINVAL;
	530	+
	531	+ if (!ima_policy_flag)
	532	+ return -EOPNOTSUPP;
	533	+
	534	+ inode = file_inode(file);
	535	+ iint = integrity_iint_find(inode);
	536	+ if (!iint)
	537	+ return -EOPNOTSUPP;
	538	+
	539	+ mutex_lock(&iint->mutex);
	540	+
	541	+ /*
	542	+ * ima_file_hash can be called when ima_collect_measurement has still
	543	+ * not been called, we might not always have a hash.
	544	+ */
	545	+ if (!iint->ima_hash) {
	546	+ mutex_unlock(&iint->mutex);
	547	+ return -EOPNOTSUPP;
	548	+ }
	549	+
	550	+ if (buf) {
	551	+ size_t copied_size;
	552	+
	553	+ copied_size = min_t(size_t, iint->ima_hash->length, buf_size);
	554	+ memcpy(buf, iint->ima_hash->digest, copied_size);
	555	+ }
	556	+ hash_algo = iint->ima_hash->algo;
	557	+ mutex_unlock(&iint->mutex);
	558	+
	559	+ return hash_algo;
	560	+}
	561	+EXPORT_SYMBOL_GPL(ima_file_hash);
	562	+
	563	+/**
	564	+ * ima_post_create_tmpfile - mark newly created tmpfile as new
	565	+ * @file : newly created tmpfile
	566	+ *
	567	+ * No measuring, appraising or auditing of newly created tmpfiles is needed.
	568	+ * Skip calling process_measurement(), but indicate which newly, created
	569	+ * tmpfiles are in policy.
	570	+ */
	571	+void ima_post_create_tmpfile(struct inode *inode)
	572	+{
	573	+ struct integrity_iint_cache *iint;
	574	+ int must_appraise;
	575	+
	576	+ must_appraise = ima_must_appraise(inode, MAY_ACCESS, FILE_CHECK);
	577	+ if (!must_appraise)
	578	+ return;
	579	+
	580	+ /* Nothing to do if we can't allocate memory */
	581	+ iint = integrity_inode_get(inode);
	582	+ if (!iint)
	583	+ return;
	584	+
	585	+ /* needed for writing the security xattrs */
	586	+ set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
	587	+ iint->ima_file_status = INTEGRITY_PASS;
	588	+}
	589	+
	590	+/**
398	591	* ima_post_path_mknod - mark as a new inode
399	592	* @dentry: newly created dentry
400	593	*
..	..	@@ -411,15 +604,20 @@
411	604	if (!must_appraise)
412	605	return;
413	606
	607	+ /* Nothing to do if we can't allocate memory */
414	608	iint = integrity_inode_get(inode);
415		- if (iint)
416		- iint->flags \|= IMA_NEW_FILE;
	609	+ if (!iint)
	610	+ return;
	611	+
	612	+ /* needed for re-opening empty files */
	613	+ iint->flags \|= IMA_NEW_FILE;
417	614	}
418	615
419	616	/**
420	617	* ima_read_file - pre-measure/appraise hook decision based on policy
421	618	* @file: pointer to the file to be measured/appraised/audit
422	619	* @read_id: caller identifier
	620	+ * @contents: whether a subsequent call will be made to ima_post_read_file()
423	621	*
424	622	* Permit reading a file based on policy. The policy rules are written
425	623	* in terms of the policy identifier. Appraising the integrity of
..	..	@@ -427,22 +625,37 @@
427	625	*
428	626	* For permission return 0, otherwise return -EACCES.
429	627	*/
430		-int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
	628	+int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
	629	+ bool contents)
431	630	{
	631	+ enum ima_hooks func;
	632	+ u32 secid;
	633	+
432	634	/*
433		- * READING_FIRMWARE_PREALLOC_BUFFER
434		- *
435	635	* Do devices using pre-allocated memory run the risk of the
436	636	* firmware being accessible to the device prior to the completion
437	637	* of IMA's signature verification any more than when using two
438		- * buffers?
	638	+ * buffers? It may be desirable to include the buffer address
	639	+ * in this API and walk all the dma_map_single() mappings to check.
439	640	*/
440		- return 0;
	641	+
	642	+ /*
	643	+ * There will be a call made to ima_post_read_file() with
	644	+ * a filled buffer, so we don't need to perform an extra
	645	+ * read early here.
	646	+ */
	647	+ if (contents)
	648	+ return 0;
	649	+
	650	+ /* Read entire file for all partial reads. */
	651	+ func = read_idmap[read_id] ?: FILE_CHECK;
	652	+ security_task_getsecid(current, &secid);
	653	+ return process_measurement(file, current_cred(), secid, NULL,
	654	+ 0, MAY_READ, func);
441	655	}
442	656
443		-static int read_idmap[READING_MAX_ID] = {
	657	+const int read_idmap[READING_MAX_ID] = {
444	658	[READING_FIRMWARE] = FIRMWARE_CHECK,
445		- [READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK,
446	659	[READING_MODULE] = MODULE_CHECK,
447	660	[READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK,
448	661	[READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK,
..	..	@@ -468,15 +681,6 @@
468	681	enum ima_hooks func;
469	682	u32 secid;
470	683
471		- if (!file && read_id == READING_FIRMWARE) {
472		- if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
473		- (ima_appraise & IMA_APPRAISE_ENFORCE)) {
474		- pr_err("Prevent firmware loading_store.\n");
475		- return -EACCES; /* INTEGRITY_UNKNOWN */
476		- }
477		- return 0;
478		- }
479		-
480	684	/* permit signed certs */
481	685	if (!file && read_id == READING_X509_CERTIFICATE)
482	686	return 0;
..	..	@@ -496,6 +700,8 @@
496	700	/**
497	701	* ima_load_data - appraise decision based on policy
498	702	* @id: kernel load data caller identifier
	703	+ * @contents: whether the full contents will be available in a later
	704	+ * call to ima_post_load_data().
499	705	*
500	706	* Callers of this LSM hook can not measure, appraise, or audit the
501	707	* data provided by userspace. Enforce policy rules requring a file
..	..	@@ -503,22 +709,28 @@
503	709	*
504	710	* For permission return 0, otherwise return -EACCES.
505	711	*/
506		-int ima_load_data(enum kernel_load_data_id id)
	712	+int ima_load_data(enum kernel_load_data_id id, bool contents)
507	713	{
508		- bool sig_enforce;
	714	+ bool ima_enforce, sig_enforce;
509	715
510		- if ((ima_appraise & IMA_APPRAISE_ENFORCE) != IMA_APPRAISE_ENFORCE)
511		- return 0;
	716	+ ima_enforce =
	717	+ (ima_appraise & IMA_APPRAISE_ENFORCE) == IMA_APPRAISE_ENFORCE;
512	718
513	719	switch (id) {
514	720	case LOADING_KEXEC_IMAGE:
515		- if (ima_appraise & IMA_APPRAISE_KEXEC) {
	721	+ if (IS_ENABLED(CONFIG_KEXEC_SIG)
	722	+ && arch_ima_get_secureboot()) {
	723	+ pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
	724	+ return -EACCES;
	725	+ }
	726	+
	727	+ if (ima_enforce && (ima_appraise & IMA_APPRAISE_KEXEC)) {
516	728	pr_err("impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.\n");
517	729	return -EACCES; /* INTEGRITY_UNKNOWN */
518	730	}
519	731	break;
520	732	case LOADING_FIRMWARE:
521		- if (ima_appraise & IMA_APPRAISE_FIRMWARE) {
	733	+ if (ima_enforce && (ima_appraise & IMA_APPRAISE_FIRMWARE) && !contents) {
522	734	pr_err("Prevent firmware sysfs fallback loading.\n");
523	735	return -EACCES; /* INTEGRITY_UNKNOWN */
524	736	}
..	..	@@ -526,7 +738,8 @@
526	738	case LOADING_MODULE:
527	739	sig_enforce = is_module_sig_enforced();
528	740
529		- if (!sig_enforce && (ima_appraise & IMA_APPRAISE_MODULES)) {
	741	+ if (ima_enforce && (!sig_enforce
	742	+ && (ima_appraise & IMA_APPRAISE_MODULES))) {
530	743	pr_err("impossible to appraise a module without a file descriptor. sig_enforce kernel parameter might help\n");
531	744	return -EACCES; /* INTEGRITY_UNKNOWN */
532	745	}
..	..	@@ -534,6 +747,157 @@
534	747	break;
535	748	}
536	749	return 0;
	750	+}
	751	+
	752	+/**
	753	+ * ima_post_load_data - appraise decision based on policy
	754	+ * @buf: pointer to in memory file contents
	755	+ * @size: size of in memory file contents
	756	+ * @id: kernel load data caller identifier
	757	+ * @description: @id-specific description of contents
	758	+ *
	759	+ * Measure/appraise/audit in memory buffer based on policy. Policy rules
	760	+ * are written in terms of a policy identifier.
	761	+ *
	762	+ * On success return 0. On integrity appraisal error, assuming the file
	763	+ * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
	764	+ */
	765	+int ima_post_load_data(char *buf, loff_t size,
	766	+ enum kernel_load_data_id load_id,
	767	+ char *description)
	768	+{
	769	+ if (load_id == LOADING_FIRMWARE) {
	770	+ if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
	771	+ (ima_appraise & IMA_APPRAISE_ENFORCE)) {
	772	+ pr_err("Prevent firmware loading_store.\n");
	773	+ return -EACCES; /* INTEGRITY_UNKNOWN */
	774	+ }
	775	+ return 0;
	776	+ }
	777	+
	778	+ return 0;
	779	+}
	780	+
	781	+/*
	782	+ * process_buffer_measurement - Measure the buffer to ima log.
	783	+ * @inode: inode associated with the object being measured (NULL for KEY_CHECK)
	784	+ * @buf: pointer to the buffer that needs to be added to the log.
	785	+ * @size: size of buffer(in bytes).
	786	+ * @eventname: event name to be used for the buffer entry.
	787	+ * @func: IMA hook
	788	+ * @pcr: pcr to extend the measurement
	789	+ * @keyring: keyring name to determine the action to be performed
	790	+ *
	791	+ * Based on policy, the buffer is measured into the ima log.
	792	+ */
	793	+void process_buffer_measurement(struct inode inode, const void buf, int size,
	794	+ const char *eventname, enum ima_hooks func,
	795	+ int pcr, const char *keyring)
	796	+{
	797	+ int ret = 0;
	798	+ const char *audit_cause = "ENOMEM";
	799	+ struct ima_template_entry *entry = NULL;
	800	+ struct integrity_iint_cache iint = {};
	801	+ struct ima_event_data event_data = {.iint = &iint,
	802	+ .filename = eventname,
	803	+ .buf = buf,
	804	+ .buf_len = size};
	805	+ struct ima_template_desc *template = NULL;
	806	+ struct {
	807	+ struct ima_digest_data hdr;
	808	+ char digest[IMA_MAX_DIGEST_SIZE];
	809	+ } hash = {};
	810	+ int violation = 0;
	811	+ int action = 0;
	812	+ u32 secid;
	813	+
	814	+ if (!ima_policy_flag)
	815	+ return;
	816	+
	817	+ /*
	818	+ * Both LSM hooks and auxilary based buffer measurements are
	819	+ * based on policy. To avoid code duplication, differentiate
	820	+ * between the LSM hooks and auxilary buffer measurements,
	821	+ * retrieving the policy rule information only for the LSM hook
	822	+ * buffer measurements.
	823	+ */
	824	+ if (func) {
	825	+ security_task_getsecid(current, &secid);
	826	+ action = ima_get_action(inode, current_cred(), secid, 0, func,
	827	+ &pcr, &template, keyring);
	828	+ if (!(action & IMA_MEASURE))
	829	+ return;
	830	+ }
	831	+
	832	+ if (!pcr)
	833	+ pcr = CONFIG_IMA_MEASURE_PCR_IDX;
	834	+
	835	+ if (!template) {
	836	+ template = lookup_template_desc("ima-buf");
	837	+ ret = template_desc_init_fields(template->fmt,
	838	+ &(template->fields),
	839	+ &(template->num_fields));
	840	+ if (ret < 0) {
	841	+ pr_err("template %s init failed, result: %d\n",
	842	+ (strlen(template->name) ?
	843	+ template->name : template->fmt), ret);
	844	+ return;
	845	+ }
	846	+ }
	847	+
	848	+ iint.ima_hash = &hash.hdr;
	849	+ iint.ima_hash->algo = ima_hash_algo;
	850	+ iint.ima_hash->length = hash_digest_size[ima_hash_algo];
	851	+
	852	+ ret = ima_calc_buffer_hash(buf, size, iint.ima_hash);
	853	+ if (ret < 0) {
	854	+ audit_cause = "hashing_error";
	855	+ goto out;
	856	+ }
	857	+
	858	+ ret = ima_alloc_init_template(&event_data, &entry, template);
	859	+ if (ret < 0) {
	860	+ audit_cause = "alloc_entry";
	861	+ goto out;
	862	+ }
	863	+
	864	+ ret = ima_store_template(entry, violation, NULL, buf, pcr);
	865	+ if (ret < 0) {
	866	+ audit_cause = "store_entry";
	867	+ ima_free_template_entry(entry);
	868	+ }
	869	+
	870	+out:
	871	+ if (ret < 0)
	872	+ integrity_audit_message(AUDIT_INTEGRITY_PCR, NULL, eventname,
	873	+ func_measure_str(func),
	874	+ audit_cause, ret, 0, ret);
	875	+
	876	+ return;
	877	+}
	878	+
	879	+/**
	880	+ * ima_kexec_cmdline - measure kexec cmdline boot args
	881	+ * @kernel_fd: file descriptor of the kexec kernel being loaded
	882	+ * @buf: pointer to buffer
	883	+ * @size: size of buffer
	884	+ *
	885	+ * Buffers can only be measured, not appraised.
	886	+ */
	887	+void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
	888	+{
	889	+ struct fd f;
	890	+
	891	+ if (!buf \|\| !size)
	892	+ return;
	893	+
	894	+ f = fdget(kernel_fd);
	895	+ if (!f.file)
	896	+ return;
	897	+
	898	+ process_buffer_measurement(file_inode(f.file), buf, size,
	899	+ "kexec-cmdline", KEXEC_CMDLINE, 0, NULL);
	900	+ fdput(f);
537	901	}
538	902
539	903	static int __init init_ima(void)
..	..	@@ -553,6 +917,13 @@
553	917	error = ima_init();
554	918	}
555	919
	920	+ if (error)
	921	+ return error;
	922	+
	923	+ error = register_blocking_lsm_notifier(&ima_lsm_policy_notifier);
	924	+ if (error)
	925	+ pr_warn("Couldn't register LSM notifier, error %d\n", error);
	926	+
556	927	if (!error)
557	928	ima_update_policy_flag();
558	929
..	..	@@ -560,6 +931,3 @@
560	931	}
561	932
562	933	late_initcall(init_ima); /* Start IMA after the TPM is available */
563		-
564		-MODULE_DESCRIPTION("Integrity Measurement Architecture");
565		-MODULE_LICENSE("GPL");