Modify add-evm-xattr parser operation

e60a53ad · Roberto Sassu · 1c951ab3 · e60a53ad · e60a53ad · e60a53ad
Showing with 23 addition and 6 deletion

include/kernel_lib.h include/kernel_lib.h +1 -0

include/xattr.h include/xattr.h +1 -0

lib/xattr.c lib/xattr.c +17 -0

parsers/compact_tlv.c parsers/compact_tlv.c +2 -4

parsers/rpm.c parsers/rpm.c +2 -2

未找到文件。
--- a/include/kernel_lib.h
+++ b/include/kernel_lib.h
@@ -233,6 +233,7 @@ enum evm_ima_xattr_type {
 	EVM_IMA_XATTR_DIGSIG,
 	IMA_XATTR_DIGEST_NG,
 	EVM_XATTR_PORTABLE_DIGSIG,
+	EVM_IMA_XATTR_DIGEST_LIST,
 	IMA_XATTR_LAST
 };


--- a/include/xattr.h
+++ b/include/xattr.h
@@ -19,6 +19,7 @@

 int write_ima_xattr(int dirfd, char *path, u8 *keyid, size_t keyid_len,
 		    u8 *sig, size_t sig_len, enum hash_algo algo);
+int write_evm_xattr(char *path, enum hash_algo algo);
 int parse_ima_xattr(u8 *buf, size_t buf_len, u8 **keyid, size_t *keyid_len,
 		    u8 **sig, size_t *sig_len, enum hash_algo *algo);
 int read_ima_xattr(int dirfd, char *path, u8 **buf, size_t *buf_len,

--- a/lib/xattr.c
+++ b/lib/xattr.c
@@ -64,6 +64,23 @@ out:
 	return ret;
 }

+int write_evm_xattr(char *path, enum hash_algo algo)
+{
+	struct signature_v2_hdr hdr = { 0 };
+	int ret;
+
+	hdr.type = EVM_IMA_XATTR_DIGEST_LIST;
+	hdr.version = 2;
+	hdr.hash_algo = algo;
+
+	ret = lsetxattr(path, XATTR_NAME_EVM, &hdr,
+			offsetof(struct signature_v2_hdr, keyid), 0);
+	if (ret < 0)
+		printf("Cannot add %s xattr\n", XATTR_NAME_EVM);
+
+	return ret;
+}
+
 int parse_ima_xattr(u8 *buf, size_t buf_len, u8 **keyid, size_t *keyid_len,
 		    u8 **sig, size_t *sig_len, enum hash_algo *algo)
 {

--- a/parsers/compact_tlv.c
+++ b/parsers/compact_tlv.c
@@ -35,7 +35,6 @@ int parser(int fd, struct list_head *head, loff_t size, void *buf,
 	u8 evm_digest[SHA512_DIGEST_SIZE], *evm_digest_ptr;
 	void *bufp = buf, *bufendp = buf + size;
 	struct compact_list_hdr hdr, *hdrp;
-	u8 evm_xattr_value = EVM_XATTR_HMAC;
 	int ret, i, j, count;

 	while (bufp < bufendp) {
@@ -222,9 +221,8 @@ int parser(int fd, struct list_head *head, loff_t size, void *buf,
 					    XATTR_NAME_IMA);
 				break;
 			case PARSER_OP_ADD_EVM_XATTR:
-				lsetxattr((char *)items_data(ID_PATH),
-					  XATTR_NAME_EVM, &evm_xattr_value, 1,
-					  0);
+				write_evm_xattr((char *)items_data(ID_PATH),
+						 hdr.algo);
 				break;
 			case PARSER_OP_REMOVE_EVM_XATTR:
 				if (fs_magic == TMPFS_MAGIC)

--- a/parsers/rpm.c
+++ b/parsers/rpm.c
@@ -20,6 +20,7 @@

 #include "parser_lib.h"
 #include "selinux.h"
+#include "xattr.h"

 enum pgp_hash_algo {
 	PGP_HASH_MD5			= 1,
@@ -73,7 +74,6 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
 	u8 digest[SHA512_DIGEST_SIZE];
 	u8 evm_digest[SHA512_DIGEST_SIZE];
 	char path[PATH_MAX];
-	u8 evm_xattr_value = EVM_XATTR_HMAC;
 	int ret = 0, i;

 	const unsigned char rpm_header_magic[8] = {
@@ -266,7 +266,7 @@ int parser(int fd, struct list_head *head, loff_t buf_size, void *buf,
 			removexattr(path, XATTR_NAME_IMA);
 			break;
 		case PARSER_OP_ADD_EVM_XATTR:
-			lsetxattr(path, XATTR_NAME_EVM, &evm_xattr_value, 1, 0);
+			write_evm_xattr(path, algo);
 			break;
 		case PARSER_OP_REMOVE_EVM_XATTR:
 			removexattr(path, XATTR_NAME_EVM);