// SPDX-License-Identifier: GPL-2.0-only /* * Module and Firmware Pinning Security Module * * Copyright 2011-2016 Google Inc. * * Author: Kees Cook <[email protected]> */ #define pr_fmt(fmt) … #include <linux/module.h> #include <linux/fs.h> #include <linux/kernel_read_file.h> #include <linux/lsm_hooks.h> #include <linux/mount.h> #include <linux/blkdev.h> #include <linux/path.h> #include <linux/sched.h> /* current */ #include <linux/string_helpers.h> #include <linux/dm-verity-loadpin.h> #include <uapi/linux/loadpin.h> #include <uapi/linux/lsm.h> #define VERITY_DIGEST_FILE_HEADER … static void report_load(const char *origin, struct file *file, char *operation) { … } static int enforce = … IS_ENABLED(…); static char *exclude_read_files[READING_MAX_ID]; static int ignore_read_file_id[READING_MAX_ID] __ro_after_init; static struct super_block *pinned_root; static DEFINE_SPINLOCK(pinned_root_spinlock); #ifdef CONFIG_SECURITY_LOADPIN_VERITY static bool deny_reading_verity_digests; #endif #ifdef CONFIG_SYSCTL static struct ctl_table loadpin_sysctl_table[] = …; static void set_sysctl(bool is_writable) { … } #else static inline void set_sysctl(bool is_writable) { } #endif static void report_writable(struct super_block *mnt_sb, bool writable) { … } /* * This must be called after early kernel init, since then the rootdev * is available. */ static bool sb_is_writable(struct super_block *mnt_sb) { … } static void loadpin_sb_free_security(struct super_block *mnt_sb) { … } static int loadpin_check(struct file *file, enum kernel_read_file_id id) { … } static int loadpin_read_file(struct file *file, enum kernel_read_file_id id, bool contents) { … } static int loadpin_load_data(enum kernel_load_data_id id, bool contents) { … } static const struct lsm_id loadpin_lsmid = …; static struct security_hook_list loadpin_hooks[] __ro_after_init = …; static void __init parse_exclude(void) { … } static int __init loadpin_init(void) { … } DEFINE_LSM(loadpin) = …; #ifdef CONFIG_SECURITY_LOADPIN_VERITY enum loadpin_securityfs_interface_index { … }; static int read_trusted_verity_root_digests(unsigned int fd) { … } /******************************** securityfs ********************************/ static long dm_verity_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) { … } static const struct file_operations loadpin_dm_verity_ops = …; /** * init_loadpin_securityfs - create the securityfs directory for LoadPin * * We can not put this method normally under the loadpin_init() code path since * the security subsystem gets initialized before the vfs caches. * * Returns 0 if the securityfs directory creation was successful. */ static int __init init_loadpin_securityfs(void) { … } fs_initcall(init_loadpin_securityfs); #endif /* CONFIG_SECURITY_LOADPIN_VERITY */ /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enforce, int, 0); MODULE_PARM_DESC(…) …; module_param_array_named(…); MODULE_PARM_DESC(…) …;
Codebase Browser
linux