integrity/ima/ima_template_lib.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (C) 2013 Politecnico di Torino, Italy
0004  *                    TORSEC group -- https://security.polito.it
0005  *
0006  * Author: Roberto Sassu <roberto.sassu@polito.it>
0007  *
0008  * File: ima_template_lib.c
0009  *      Library of supported template fields.
0010  */
0011
0012 #include "ima_template_lib.h"
0013 #include <linux/xattr.h>
0014 #include <linux/evm.h>
0015
0016 static bool ima_template_hash_algo_allowed(u8 algo)
0017 {
0018     if (algo == HASH_ALGO_SHA1 || algo == HASH_ALGO_MD5)
0019         return true;
0020
0021     return false;
0022 }
0023
0024 enum data_formats {
0025     DATA_FMT_DIGEST = 0,
0026     DATA_FMT_DIGEST_WITH_ALGO,
0027     DATA_FMT_DIGEST_WITH_TYPE_AND_ALGO,
0028     DATA_FMT_STRING,
0029     DATA_FMT_HEX,
0030     DATA_FMT_UINT
0031 };
0032
0033 enum digest_type {
0034     DIGEST_TYPE_IMA,
0035     DIGEST_TYPE_VERITY,
0036     DIGEST_TYPE__LAST
0037 };
0038
0039 #define DIGEST_TYPE_NAME_LEN_MAX 7  /* including NUL */
0040 static const char * const digest_type_name[DIGEST_TYPE__LAST] = {
0041     [DIGEST_TYPE_IMA] = "ima",
0042     [DIGEST_TYPE_VERITY] = "verity"
0043 };
0044
0045 static int ima_write_template_field_data(const void *data, const u32 datalen,
0046                      enum data_formats datafmt,
0047                      struct ima_field_data *field_data)
0048 {
0049     u8 *buf, *buf_ptr;
0050     u32 buflen = datalen;
0051
0052     if (datafmt == DATA_FMT_STRING)
0053         buflen = datalen + 1;
0054
0055     buf = kzalloc(buflen, GFP_KERNEL);
0056     if (!buf)
0057         return -ENOMEM;
0058
0059     memcpy(buf, data, datalen);
0060
0061     /*
0062      * Replace all space characters with underscore for event names and
0063      * strings. This avoid that, during the parsing of a measurements list,
0064      * filenames with spaces or that end with the suffix ' (deleted)' are
0065      * split into multiple template fields (the space is the delimitator
0066      * character for measurements lists in ASCII format).
0067      */
0068     if (datafmt == DATA_FMT_STRING) {
0069         for (buf_ptr = buf; buf_ptr - buf < datalen; buf_ptr++)
0070             if (*buf_ptr == ' ')
0071                 *buf_ptr = '_';
0072     }
0073
0074     field_data->data = buf;
0075     field_data->len = buflen;
0076     return 0;
0077 }
0078
0079 static void ima_show_template_data_ascii(struct seq_file *m,
0080                      enum ima_show_type show,
0081                      enum data_formats datafmt,
0082                      struct ima_field_data *field_data)
0083 {
0084     u8 *buf_ptr = field_data->data;
0085     u32 buflen = field_data->len;
0086
0087     switch (datafmt) {
0088     case DATA_FMT_DIGEST_WITH_TYPE_AND_ALGO:
0089     case DATA_FMT_DIGEST_WITH_ALGO:
0090         buf_ptr = strrchr(field_data->data, ':');
0091         if (buf_ptr != field_data->data)
0092             seq_printf(m, "%s", field_data->data);
0093
0094         /* skip ':' and '\0' */
0095         buf_ptr += 2;
0096         buflen -= buf_ptr - field_data->data;
0097         fallthrough;
0098     case DATA_FMT_DIGEST:
0099     case DATA_FMT_HEX:
0100         if (!buflen)
0101             break;
0102         ima_print_digest(m, buf_ptr, buflen);
0103         break;
0104     case DATA_FMT_STRING:
0105         seq_printf(m, "%s", buf_ptr);
0106         break;
0107     case DATA_FMT_UINT:
0108         switch (field_data->len) {
0109         case sizeof(u8):
0110             seq_printf(m, "%u", *(u8 *)buf_ptr);
0111             break;
0112         case sizeof(u16):
0113             if (ima_canonical_fmt)
0114                 seq_printf(m, "%u",
0115                        le16_to_cpu(*(__le16 *)buf_ptr));
0116             else
0117                 seq_printf(m, "%u", *(u16 *)buf_ptr);
0118             break;
0119         case sizeof(u32):
0120             if (ima_canonical_fmt)
0121                 seq_printf(m, "%u",
0122                        le32_to_cpu(*(__le32 *)buf_ptr));
0123             else
0124                 seq_printf(m, "%u", *(u32 *)buf_ptr);
0125             break;
0126         case sizeof(u64):
0127             if (ima_canonical_fmt)
0128                 seq_printf(m, "%llu",
0129                        le64_to_cpu(*(__le64 *)buf_ptr));
0130             else
0131                 seq_printf(m, "%llu", *(u64 *)buf_ptr);
0132             break;
0133         default:
0134             break;
0135         }
0136         break;
0137     default:
0138         break;
0139     }
0140 }
0141
0142 static void ima_show_template_data_binary(struct seq_file *m,
0143                       enum ima_show_type show,
0144                       enum data_formats datafmt,
0145                       struct ima_field_data *field_data)
0146 {
0147     u32 len = (show == IMA_SHOW_BINARY_OLD_STRING_FMT) ?
0148         strlen(field_data->data) : field_data->len;
0149
0150     if (show != IMA_SHOW_BINARY_NO_FIELD_LEN) {
0151         u32 field_len = !ima_canonical_fmt ?
0152                 len : (__force u32)cpu_to_le32(len);
0153
0154         ima_putc(m, &field_len, sizeof(field_len));
0155     }
0156
0157     if (!len)
0158         return;
0159
0160     ima_putc(m, field_data->data, len);
0161 }
0162
0163 static void ima_show_template_field_data(struct seq_file *m,
0164                      enum ima_show_type show,
0165                      enum data_formats datafmt,
0166                      struct ima_field_data *field_data)
0167 {
0168     switch (show) {
0169     case IMA_SHOW_ASCII:
0170         ima_show_template_data_ascii(m, show, datafmt, field_data);
0171         break;
0172     case IMA_SHOW_BINARY:
0173     case IMA_SHOW_BINARY_NO_FIELD_LEN:
0174     case IMA_SHOW_BINARY_OLD_STRING_FMT:
0175         ima_show_template_data_binary(m, show, datafmt, field_data);
0176         break;
0177     default:
0178         break;
0179     }
0180 }
0181
0182 void ima_show_template_digest(struct seq_file *m, enum ima_show_type show,
0183                   struct ima_field_data *field_data)
0184 {
0185     ima_show_template_field_data(m, show, DATA_FMT_DIGEST, field_data);
0186 }
0187
0188 void ima_show_template_digest_ng(struct seq_file *m, enum ima_show_type show,
0189                  struct ima_field_data *field_data)
0190 {
0191     ima_show_template_field_data(m, show, DATA_FMT_DIGEST_WITH_ALGO,
0192                      field_data);
0193 }
0194
0195 void ima_show_template_digest_ngv2(struct seq_file *m, enum ima_show_type show,
0196                    struct ima_field_data *field_data)
0197 {
0198     ima_show_template_field_data(m, show,
0199                      DATA_FMT_DIGEST_WITH_TYPE_AND_ALGO,
0200                      field_data);
0201 }
0202
0203 void ima_show_template_string(struct seq_file *m, enum ima_show_type show,
0204                   struct ima_field_data *field_data)
0205 {
0206     ima_show_template_field_data(m, show, DATA_FMT_STRING, field_data);
0207 }
0208
0209 void ima_show_template_sig(struct seq_file *m, enum ima_show_type show,
0210                struct ima_field_data *field_data)
0211 {
0212     ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data);
0213 }
0214
0215 void ima_show_template_buf(struct seq_file *m, enum ima_show_type show,
0216                struct ima_field_data *field_data)
0217 {
0218     ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data);
0219 }
0220
0221 void ima_show_template_uint(struct seq_file *m, enum ima_show_type show,
0222                 struct ima_field_data *field_data)
0223 {
0224     ima_show_template_field_data(m, show, DATA_FMT_UINT, field_data);
0225 }
0226
0227 /**
0228  * ima_parse_buf() - Parses lengths and data from an input buffer
0229  * @bufstartp:       Buffer start address.
0230  * @bufendp:         Buffer end address.
0231  * @bufcurp:         Pointer to remaining (non-parsed) data.
0232  * @maxfields:       Length of fields array.
0233  * @fields:          Array containing lengths and pointers of parsed data.
0234  * @curfields:       Number of array items containing parsed data.
0235  * @len_mask:        Bitmap (if bit is set, data length should not be parsed).
0236  * @enforce_mask:    Check if curfields == maxfields and/or bufcurp == bufendp.
0237  * @bufname:         String identifier of the input buffer.
0238  *
0239  * Return: 0 on success, -EINVAL on error.
0240  */
0241 int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp,
0242           int maxfields, struct ima_field_data *fields, int *curfields,
0243           unsigned long *len_mask, int enforce_mask, char *bufname)
0244 {
0245     void *bufp = bufstartp;
0246     int i;
0247
0248     for (i = 0; i < maxfields; i++) {
0249         if (len_mask == NULL || !test_bit(i, len_mask)) {
0250             if (bufp > (bufendp - sizeof(u32)))
0251                 break;
0252
0253             if (ima_canonical_fmt)
0254                 fields[i].len = le32_to_cpu(*(__le32 *)bufp);
0255             else
0256                 fields[i].len = *(u32 *)bufp;
0257
0258             bufp += sizeof(u32);
0259         }
0260
0261         if (bufp > (bufendp - fields[i].len))
0262             break;
0263
0264         fields[i].data = bufp;
0265         bufp += fields[i].len;
0266     }
0267
0268     if ((enforce_mask & ENFORCE_FIELDS) && i != maxfields) {
0269         pr_err("%s: nr of fields mismatch: expected: %d, current: %d\n",
0270                bufname, maxfields, i);
0271         return -EINVAL;
0272     }
0273
0274     if ((enforce_mask & ENFORCE_BUFEND) && bufp != bufendp) {
0275         pr_err("%s: buf end mismatch: expected: %p, current: %p\n",
0276                bufname, bufendp, bufp);
0277         return -EINVAL;
0278     }
0279
0280     if (curfields)
0281         *curfields = i;
0282
0283     if (bufcurp)
0284         *bufcurp = bufp;
0285
0286     return 0;
0287 }
0288
0289 static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
0290                        u8 digest_type, u8 hash_algo,
0291                        struct ima_field_data *field_data)
0292 {
0293     /*
0294      * digest formats:
0295      *  - DATA_FMT_DIGEST: digest
0296      *  - DATA_FMT_DIGEST_WITH_ALGO: <hash algo> + ':' + '\0' + digest,
0297      *  - DATA_FMT_DIGEST_WITH_TYPE_AND_ALGO:
0298      *  <digest type> + ':' + <hash algo> + ':' + '\0' + digest,
0299      *
0300      *    where 'DATA_FMT_DIGEST' is the original digest format ('d')
0301      *      with a hash size limitation of 20 bytes,
0302      *    where <digest type> is either "ima" or "verity",
0303      *    where <hash algo> is the hash_algo_name[] string.
0304      */
0305     u8 buffer[DIGEST_TYPE_NAME_LEN_MAX + CRYPTO_MAX_ALG_NAME + 2 +
0306         IMA_MAX_DIGEST_SIZE] = { 0 };
0307     enum data_formats fmt = DATA_FMT_DIGEST;
0308     u32 offset = 0;
0309
0310     if (digest_type < DIGEST_TYPE__LAST && hash_algo < HASH_ALGO__LAST) {
0311         fmt = DATA_FMT_DIGEST_WITH_TYPE_AND_ALGO;
0312         offset += 1 + sprintf(buffer, "%s:%s:",
0313                       digest_type_name[digest_type],
0314                       hash_algo_name[hash_algo]);
0315     } else if (hash_algo < HASH_ALGO__LAST) {
0316         fmt = DATA_FMT_DIGEST_WITH_ALGO;
0317         offset += 1 + sprintf(buffer, "%s:",
0318                       hash_algo_name[hash_algo]);
0319     }
0320
0321     if (digest)
0322         memcpy(buffer + offset, digest, digestsize);
0323     else
0324         /*
0325          * If digest is NULL, the event being recorded is a violation.
0326          * Make room for the digest by increasing the offset by the
0327          * hash algorithm digest size.
0328          */
0329         offset += hash_digest_size[hash_algo];
0330
0331     return ima_write_template_field_data(buffer, offset + digestsize,
0332                          fmt, field_data);
0333 }
0334
0335 /*
0336  * This function writes the digest of an event (with size limit).
0337  */
0338 int ima_eventdigest_init(struct ima_event_data *event_data,
0339              struct ima_field_data *field_data)
0340 {
0341     struct ima_max_digest_data hash;
0342     u8 *cur_digest = NULL;
0343     u32 cur_digestsize = 0;
0344     struct inode *inode;
0345     int result;
0346
0347     memset(&hash, 0, sizeof(hash));
0348
0349     if (event_data->violation)  /* recording a violation. */
0350         goto out;
0351
0352     if (ima_template_hash_algo_allowed(event_data->iint->ima_hash->algo)) {
0353         cur_digest = event_data->iint->ima_hash->digest;
0354         cur_digestsize = event_data->iint->ima_hash->length;
0355         goto out;
0356     }
0357
0358     if ((const char *)event_data->filename == boot_aggregate_name) {
0359         if (ima_tpm_chip) {
0360             hash.hdr.algo = HASH_ALGO_SHA1;
0361             result = ima_calc_boot_aggregate(&hash.hdr);
0362
0363             /* algo can change depending on available PCR banks */
0364             if (!result && hash.hdr.algo != HASH_ALGO_SHA1)
0365                 result = -EINVAL;
0366
0367             if (result < 0)
0368                 memset(&hash, 0, sizeof(hash));
0369         }
0370
0371         cur_digest = hash.hdr.digest;
0372         cur_digestsize = hash_digest_size[HASH_ALGO_SHA1];
0373         goto out;
0374     }
0375
0376     if (!event_data->file)  /* missing info to re-calculate the digest */
0377         return -EINVAL;
0378
0379     inode = file_inode(event_data->file);
0380     hash.hdr.algo = ima_template_hash_algo_allowed(ima_hash_algo) ?
0381         ima_hash_algo : HASH_ALGO_SHA1;
0382     result = ima_calc_file_hash(event_data->file, &hash.hdr);
0383     if (result) {
0384         integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode,
0385                     event_data->filename, "collect_data",
0386                     "failed", result, 0);
0387         return result;
0388     }
0389     cur_digest = hash.hdr.digest;
0390     cur_digestsize = hash.hdr.length;
0391 out:
0392     return ima_eventdigest_init_common(cur_digest, cur_digestsize,
0393                        DIGEST_TYPE__LAST, HASH_ALGO__LAST,
0394                        field_data);
0395 }
0396
0397 /*
0398  * This function writes the digest of an event (without size limit).
0399  */
0400 int ima_eventdigest_ng_init(struct ima_event_data *event_data,
0401                 struct ima_field_data *field_data)
0402 {
0403     u8 *cur_digest = NULL, hash_algo = ima_hash_algo;
0404     u32 cur_digestsize = 0;
0405
0406     if (event_data->violation)  /* recording a violation. */
0407         goto out;
0408
0409     cur_digest = event_data->iint->ima_hash->digest;
0410     cur_digestsize = event_data->iint->ima_hash->length;
0411
0412     hash_algo = event_data->iint->ima_hash->algo;
0413 out:
0414     return ima_eventdigest_init_common(cur_digest, cur_digestsize,
0415                        DIGEST_TYPE__LAST, hash_algo,
0416                        field_data);
0417 }
0418
0419 /*
0420  * This function writes the digest of an event (without size limit),
0421  * prefixed with both the digest type and hash algorithm.
0422  */
0423 int ima_eventdigest_ngv2_init(struct ima_event_data *event_data,
0424                   struct ima_field_data *field_data)
0425 {
0426     u8 *cur_digest = NULL, hash_algo = ima_hash_algo;
0427     u32 cur_digestsize = 0;
0428     u8 digest_type = DIGEST_TYPE_IMA;
0429
0430     if (event_data->violation)  /* recording a violation. */
0431         goto out;
0432
0433     cur_digest = event_data->iint->ima_hash->digest;
0434     cur_digestsize = event_data->iint->ima_hash->length;
0435
0436     hash_algo = event_data->iint->ima_hash->algo;
0437     if (event_data->iint->flags & IMA_VERITY_REQUIRED)
0438         digest_type = DIGEST_TYPE_VERITY;
0439 out:
0440     return ima_eventdigest_init_common(cur_digest, cur_digestsize,
0441                        digest_type, hash_algo,
0442                        field_data);
0443 }
0444
0445 /*
0446  * This function writes the digest of the file which is expected to match the
0447  * digest contained in the file's appended signature.
0448  */
0449 int ima_eventdigest_modsig_init(struct ima_event_data *event_data,
0450                 struct ima_field_data *field_data)
0451 {
0452     enum hash_algo hash_algo;
0453     const u8 *cur_digest;
0454     u32 cur_digestsize;
0455
0456     if (!event_data->modsig)
0457         return 0;
0458
0459     if (event_data->violation) {
0460         /* Recording a violation. */
0461         hash_algo = HASH_ALGO_SHA1;
0462         cur_digest = NULL;
0463         cur_digestsize = 0;
0464     } else {
0465         int rc;
0466
0467         rc = ima_get_modsig_digest(event_data->modsig, &hash_algo,
0468                        &cur_digest, &cur_digestsize);
0469         if (rc)
0470             return rc;
0471         else if (hash_algo == HASH_ALGO__LAST || cur_digestsize == 0)
0472             /* There was some error collecting the digest. */
0473             return -EINVAL;
0474     }
0475
0476     return ima_eventdigest_init_common(cur_digest, cur_digestsize,
0477                        DIGEST_TYPE__LAST, hash_algo,
0478                        field_data);
0479 }
0480
0481 static int ima_eventname_init_common(struct ima_event_data *event_data,
0482                      struct ima_field_data *field_data,
0483                      bool size_limit)
0484 {
0485     const char *cur_filename = NULL;
0486     u32 cur_filename_len = 0;
0487
0488     BUG_ON(event_data->filename == NULL && event_data->file == NULL);
0489
0490     if (event_data->filename) {
0491         cur_filename = event_data->filename;
0492         cur_filename_len = strlen(event_data->filename);
0493
0494         if (!size_limit || cur_filename_len <= IMA_EVENT_NAME_LEN_MAX)
0495             goto out;
0496     }
0497
0498     if (event_data->file) {
0499         cur_filename = event_data->file->f_path.dentry->d_name.name;
0500         cur_filename_len = strlen(cur_filename);
0501     } else
0502         /*
0503          * Truncate filename if the latter is too long and
0504          * the file descriptor is not available.
0505          */
0506         cur_filename_len = IMA_EVENT_NAME_LEN_MAX;
0507 out:
0508     return ima_write_template_field_data(cur_filename, cur_filename_len,
0509                          DATA_FMT_STRING, field_data);
0510 }
0511
0512 /*
0513  * This function writes the name of an event (with size limit).
0514  */
0515 int ima_eventname_init(struct ima_event_data *event_data,
0516                struct ima_field_data *field_data)
0517 {
0518     return ima_eventname_init_common(event_data, field_data, true);
0519 }
0520
0521 /*
0522  * This function writes the name of an event (without size limit).
0523  */
0524 int ima_eventname_ng_init(struct ima_event_data *event_data,
0525               struct ima_field_data *field_data)
0526 {
0527     return ima_eventname_init_common(event_data, field_data, false);
0528 }
0529
0530 /*
0531  *  ima_eventsig_init - include the file signature as part of the template data
0532  */
0533 int ima_eventsig_init(struct ima_event_data *event_data,
0534               struct ima_field_data *field_data)
0535 {
0536     struct evm_ima_xattr_data *xattr_value = event_data->xattr_value;
0537
0538     if (!xattr_value ||
0539         (xattr_value->type != EVM_IMA_XATTR_DIGSIG &&
0540          xattr_value->type != IMA_VERITY_DIGSIG))
0541         return ima_eventevmsig_init(event_data, field_data);
0542
0543     return ima_write_template_field_data(xattr_value, event_data->xattr_len,
0544                          DATA_FMT_HEX, field_data);
0545 }
0546
0547 /*
0548  *  ima_eventbuf_init - include the buffer(kexec-cmldine) as part of the
0549  *  template data.
0550  */
0551 int ima_eventbuf_init(struct ima_event_data *event_data,
0552               struct ima_field_data *field_data)
0553 {
0554     if ((!event_data->buf) || (event_data->buf_len == 0))
0555         return 0;
0556
0557     return ima_write_template_field_data(event_data->buf,
0558                          event_data->buf_len, DATA_FMT_HEX,
0559                          field_data);
0560 }
0561
0562 /*
0563  *  ima_eventmodsig_init - include the appended file signature as part of the
0564  *  template data
0565  */
0566 int ima_eventmodsig_init(struct ima_event_data *event_data,
0567              struct ima_field_data *field_data)
0568 {
0569     const void *data;
0570     u32 data_len;
0571     int rc;
0572
0573     if (!event_data->modsig)
0574         return 0;
0575
0576     /*
0577      * modsig is a runtime structure containing pointers. Get its raw data
0578      * instead.
0579      */
0580     rc = ima_get_raw_modsig(event_data->modsig, &data, &data_len);
0581     if (rc)
0582         return rc;
0583
0584     return ima_write_template_field_data(data, data_len, DATA_FMT_HEX,
0585                          field_data);
0586 }
0587
0588 /*
0589  *  ima_eventevmsig_init - include the EVM portable signature as part of the
0590  *  template data
0591  */
0592 int ima_eventevmsig_init(struct ima_event_data *event_data,
0593              struct ima_field_data *field_data)
0594 {
0595     struct evm_ima_xattr_data *xattr_data = NULL;
0596     int rc = 0;
0597
0598     if (!event_data->file)
0599         return 0;
0600
0601     rc = vfs_getxattr_alloc(&init_user_ns, file_dentry(event_data->file),
0602                 XATTR_NAME_EVM, (char **)&xattr_data, 0,
0603                 GFP_NOFS);
0604     if (rc <= 0)
0605         return 0;
0606
0607     if (xattr_data->type != EVM_XATTR_PORTABLE_DIGSIG) {
0608         kfree(xattr_data);
0609         return 0;
0610     }
0611
0612     rc = ima_write_template_field_data((char *)xattr_data, rc, DATA_FMT_HEX,
0613                        field_data);
0614     kfree(xattr_data);
0615     return rc;
0616 }
0617
0618 static int ima_eventinodedac_init_common(struct ima_event_data *event_data,
0619                      struct ima_field_data *field_data,
0620                      bool get_uid)
0621 {
0622     unsigned int id;
0623
0624     if (!event_data->file)
0625         return 0;
0626
0627     if (get_uid)
0628         id = i_uid_read(file_inode(event_data->file));
0629     else
0630         id = i_gid_read(file_inode(event_data->file));
0631
0632     if (ima_canonical_fmt) {
0633         if (sizeof(id) == sizeof(u16))
0634             id = (__force u16)cpu_to_le16(id);
0635         else
0636             id = (__force u32)cpu_to_le32(id);
0637     }
0638
0639     return ima_write_template_field_data((void *)&id, sizeof(id),
0640                          DATA_FMT_UINT, field_data);
0641 }
0642
0643 /*
0644  *  ima_eventinodeuid_init - include the inode UID as part of the template
0645  *  data
0646  */
0647 int ima_eventinodeuid_init(struct ima_event_data *event_data,
0648                struct ima_field_data *field_data)
0649 {
0650     return ima_eventinodedac_init_common(event_data, field_data, true);
0651 }
0652
0653 /*
0654  *  ima_eventinodegid_init - include the inode GID as part of the template
0655  *  data
0656  */
0657 int ima_eventinodegid_init(struct ima_event_data *event_data,
0658                struct ima_field_data *field_data)
0659 {
0660     return ima_eventinodedac_init_common(event_data, field_data, false);
0661 }
0662
0663 /*
0664  *  ima_eventinodemode_init - include the inode mode as part of the template
0665  *  data
0666  */
0667 int ima_eventinodemode_init(struct ima_event_data *event_data,
0668                 struct ima_field_data *field_data)
0669 {
0670     struct inode *inode;
0671     u16 mode;
0672
0673     if (!event_data->file)
0674         return 0;
0675
0676     inode = file_inode(event_data->file);
0677     mode = inode->i_mode;
0678     if (ima_canonical_fmt)
0679         mode = (__force u16)cpu_to_le16(mode);
0680
0681     return ima_write_template_field_data((char *)&mode, sizeof(mode),
0682                          DATA_FMT_UINT, field_data);
0683 }
0684
0685 static int ima_eventinodexattrs_init_common(struct ima_event_data *event_data,
0686                         struct ima_field_data *field_data,
0687                         char type)
0688 {
0689     u8 *buffer = NULL;
0690     int rc;
0691
0692     if (!event_data->file)
0693         return 0;
0694
0695     rc = evm_read_protected_xattrs(file_dentry(event_data->file), NULL, 0,
0696                        type, ima_canonical_fmt);
0697     if (rc < 0)
0698         return 0;
0699
0700     buffer = kmalloc(rc, GFP_KERNEL);
0701     if (!buffer)
0702         return 0;
0703
0704     rc = evm_read_protected_xattrs(file_dentry(event_data->file), buffer,
0705                        rc, type, ima_canonical_fmt);
0706     if (rc < 0) {
0707         rc = 0;
0708         goto out;
0709     }
0710
0711     rc = ima_write_template_field_data((char *)buffer, rc, DATA_FMT_HEX,
0712                        field_data);
0713 out:
0714     kfree(buffer);
0715     return rc;
0716 }
0717
0718 /*
0719  *  ima_eventinodexattrnames_init - include a list of xattr names as part of the
0720  *  template data
0721  */
0722 int ima_eventinodexattrnames_init(struct ima_event_data *event_data,
0723                   struct ima_field_data *field_data)
0724 {
0725     return ima_eventinodexattrs_init_common(event_data, field_data, 'n');
0726 }
0727
0728 /*
0729  *  ima_eventinodexattrlengths_init - include a list of xattr lengths as part of
0730  *  the template data
0731  */
0732 int ima_eventinodexattrlengths_init(struct ima_event_data *event_data,
0733                     struct ima_field_data *field_data)
0734 {
0735     return ima_eventinodexattrs_init_common(event_data, field_data, 'l');
0736 }
0737
0738 /*
0739  *  ima_eventinodexattrvalues_init - include a list of xattr values as part of
0740  *  the template data
0741  */
0742 int ima_eventinodexattrvalues_init(struct ima_event_data *event_data,
0743                    struct ima_field_data *field_data)
0744 {
0745     return ima_eventinodexattrs_init_common(event_data, field_data, 'v');
0746 }