31f8c8682f
Enable IPE policy authors to indicate trust for a singular fsverity file, identified by the digest information, through "fsverity_digest" and all files using valid fsverity builtin signatures via "fsverity_signature". This enables file-level integrity claims to be expressed in IPE, allowing individual files to be authorized, giving some flexibility for policy authors. Such file-level claims are important to be expressed for enforcing the integrity of packages, as well as to address some of the scalability issues in a sole dm-verity based solution (# of loop back devices, etc). This solution cannot be done in userspace, as the minimum threat that IPE should mitigate is an attacker downloading a malicious payload with all required dependencies. These dependencies can lack the userspace check, bypassing the protection entirely. A similar attack succeeds if the userspace component is replaced with a version that does not perform the check. As a result, this can only be done in the common entry point - the kernel. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
*/
#ifndef _IPE_HOOKS_H
#define _IPE_HOOKS_H
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/security.h>
#include <linux/blk_types.h>
#include <linux/fsverity.h>
/*
 * enum ipe_hook_type - identifiers for the hooks IPE implements.
 *
 * Each value corresponds by name to one of the ipe_*() hook prototypes
 * declared in this header (the correspondence is by name only; the enum's
 * consumers live outside this header). The trailing __IPE_HOOK_MAX is not a
 * hook: it sits one past the last valid value, so it doubles as the number
 * of hooks, and it is aliased as IPE_HOOK_INVALID.
 */
enum ipe_hook_type {
	IPE_HOOK_BPRM_CHECK = 0,	/* ipe_bprm_check_security() */
	IPE_HOOK_MMAP,			/* ipe_mmap_file() */
	IPE_HOOK_MPROTECT,		/* ipe_file_mprotect() */
	IPE_HOOK_KERNEL_READ,		/* ipe_kernel_read_file() */
	IPE_HOOK_KERNEL_LOAD,		/* ipe_kernel_load_data() */
	__IPE_HOOK_MAX			/* sentinel; see IPE_HOOK_INVALID */
};
#define IPE_HOOK_INVALID __IPE_HOOK_MAX
int ipe_bprm_check_security(struct linux_binprm *bprm);
int ipe_mmap_file(struct file *f, unsigned long reqprot, unsigned long prot,
unsigned long flags);
int ipe_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot);
int ipe_kernel_read_file(struct file *file, enum kernel_read_file_id id,
bool contents);
int ipe_kernel_load_data(enum kernel_load_data_id id, bool contents);
void ipe_unpack_initramfs(void);
#ifdef CONFIG_IPE_PROP_DM_VERITY
void ipe_bdev_free_security(struct block_device *bdev);
int ipe_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type type,
const void *value, size_t len);
#endif /* CONFIG_IPE_PROP_DM_VERITY */
#ifdef CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG
int ipe_inode_setintegrity(const struct inode *inode, enum lsm_integrity_type type,
const void *value, size_t size);
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
#endif /* _IPE_HOOKS_H */