Re: [RFC][PATCH v2 06/12] diglim: Interfaces - digest_list_add, digest_list_del

Hi Roberto,

On Mon, 2021-07-26 at 18:36 +0200, Roberto Sassu wrote:

/*

• • digest_list_read: read and parse the digest list from the path
• */

+static ssize_t digest_list_read(char *path, enum ops op) +{

•   void *data = NULL;
  

•   char *datap;
  

•   size_t size;
  

•   u8 actions = 0;
  

•   struct file *file;
  

•   char event_name[NAME_MAX + 9 + 1];
  

•   u8 digest[IMA_MAX_DIGEST_SIZE] = { 0 };
  

•   enum hash_algo algo;
  

•   int rc, pathlen = strlen(path);
  

•   /* Remove \n. */
  

•   datap = path;
  

•   strsep(&datap, "\n");
  

•   file = filp_open(path, O_RDONLY, 0);
  

•   if (IS_ERR(file)) {
  

•           pr_err("unable to open file: %s (%ld)", path, PTR_ERR(file));
  

•           return PTR_ERR(file);
  

•   }
  

•   rc = kernel_read_file(file, 0, &data, INT_MAX, NULL,
  

•                         READING_DIGEST_LIST);
  

•   if (rc < 0) {
  

•           pr_err("unable to read file: %s (%d)", path, rc);
  

•           goto out;
  

•   }
  

•   size = rc;
  

•   snprintf(event_name, sizeof(event_name), "%s_file_%s",
  

•            op == DIGEST_LIST_ADD ? "add" : "del",
  

•            file_dentry(file)->d_name.name);
  

•   rc = ima_measure_critical_data("diglim", event_name, data, size, false,
  

•                                  digest, sizeof(digest));
  

•   if (rc < 0 && rc != -EEXIST)
  

•           goto out_vfree;
  

The digest lists could easily be measured while reading the digest list file above in kernel_read_file(). What makes it "critical-data"? In the SELinux case, the in memory SELinux policy is being measured and re-measured to make sure it hasn't been modified. Is the digest list file data being measured more than once?

I understand that with your changes to ima_measure_critical_data(), which are now in next-integrity-testing branch, allow IMA to calculate the file data hash.

thanks,

Mimi

•   algo = ima_get_current_hash_algo();