ima: instantiate the bprm_creds_for_exec() hook

#define AUDIT_INTEGRITY_RULE	    1805 /* policy rule */

#define AUDIT_INTEGRITY_EVM_XATTR   1806 /* New EVM-covered xattr */

#define AUDIT_INTEGRITY_POLICY_RULE 1807 /* IMA policy rules */

#define AUDIT_INTEGRITY_USERSPACE   1808 /* Userspace enforced data integrity */

#define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */

#include <linux/module.h>

#include <linux/init.h>

#include <linux/file.h>

#include <linux/binfmts.h>

#include <linux/fs.h>

#include <linux/xattr.h>

#include <linux/magic.h>

	return rc;

}

static bool is_bprm_creds_for_exec(enum ima_hooks func, struct file *file)

{

	struct linux_binprm *bprm;

	if (func == BPRM_CHECK) {

		bprm = container_of(&file, struct linux_binprm, file);

		return bprm->is_check;

	}

	return false;

}

/*

 * ima_appraise_measurement - appraise file measurement

 *

			     int xattr_len, const struct modsig *modsig)

{

	static const char op[] = "appraise_data";

	int audit_msgno = AUDIT_INTEGRITY_DATA;

	const char *cause = "unknown";

	struct dentry *dentry = file_dentry(file);

	struct inode *inode = d_backing_inode(dentry);

	if (!(inode->i_opflags & IOP_XATTR) && !try_modsig)

		return INTEGRITY_UNKNOWN;

	/*

	 * Unlike any of the other LSM hooks where the kernel enforces file

	 * integrity, enforcing file integrity for the bprm_creds_for_exec()

	 * LSM hook with the AT_EXECVE_CHECK flag is left up to the discretion

	 * of the script interpreter(userspace). Differentiate kernel and

	 * userspace enforced integrity audit messages.

	 */

	if (is_bprm_creds_for_exec(func, file))

		audit_msgno = AUDIT_INTEGRITY_USERSPACE;

	/* If reading the xattr failed and there's no modsig, error out. */

	if (rc <= 0 && !try_modsig) {

		if (rc && rc != -ENODATA)

	     (iint->flags & IMA_FAIL_UNVERIFIABLE_SIGS))) {

		status = INTEGRITY_FAIL;

		cause = "unverifiable-signature";

		integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,

		integrity_audit_msg(audit_msgno, inode, filename,

				    op, cause, rc, 0);

	} else if (status != INTEGRITY_PASS) {

		/* Fix mode, but don't replace file signatures. */

			status = INTEGRITY_PASS;

		}

		integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, filename,

		integrity_audit_msg(audit_msgno, inode, filename,

				    op, cause, rc, 0);

	} else {

		ima_cache_flags(iint, func);

				   MAY_EXEC, CREDS_CHECK);

}

/**

 * ima_bprm_creds_for_exec - collect/store/appraise measurement.

 * @bprm: contains the linux_binprm structure

 *

 * Based on the IMA policy and the execveat(2) AT_EXECVE_CHECK flag, measure

 * and appraise the integrity of a file to be executed by script interpreters.

 * Unlike any of the other LSM hooks where the kernel enforces file integrity,

 * enforcing file integrity is left up to the discretion of the script

 * interpreter (userspace).

 *

 * On success return 0.  On integrity appraisal error, assuming the file

 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.

 */

static int ima_bprm_creds_for_exec(struct linux_binprm *bprm)

{

	/*

	 * As security_bprm_check() is called multiple times, both

	 * the script and the shebang interpreter are measured, appraised,

	 * and audited. Limit usage of this LSM hook to just measuring,

	 * appraising, and auditing the indirect script execution

	 * (e.g. ./sh example.sh).

	 */

	if (!bprm->is_check)

		return 0;

	return ima_bprm_check(bprm);

}

/**

 * ima_file_check - based on policy, collect/store measurement.

 * @file: pointer to the file to be measured

static struct security_hook_list ima_hooks[] __ro_after_init = {

	LSM_HOOK_INIT(bprm_check_security, ima_bprm_check),

	LSM_HOOK_INIT(bprm_creds_for_exec, ima_bprm_creds_for_exec),

	LSM_HOOK_INIT(file_post_open, ima_file_check),

	LSM_HOOK_INIT(inode_post_create_tmpfile, ima_post_create_tmpfile),

	LSM_HOOK_INIT(file_release, ima_file_free),