// SPDX-License-Identifier: GPL-2.0-only
/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright 2013 Canonical Ltd.
 *
 * Functions that provide a checksum of the policy that has been loaded. The
 * checksum can be compared to userspace policy compiles to check that the
 * loaded policy is what it should be.
 *
 * The checksum is a plain (unkeyed) SHA-256 digest: it shows whether the
 * loaded bytes match an expected compile, but it is not a MAC or signature
 * and does not authenticate where the policy came from.
 */

#include <crypto/sha2.h>

#include "include/apparmor.h"
#include "include/crypto.h"

/**
 * aa_hash_size - size in bytes of the digests produced by this file
 *
 * Returns: SHA256_DIGEST_SIZE
 */
unsigned int aa_hash_size(void)
{
	return SHA256_DIGEST_SIZE;
}

/**
 * aa_calc_hash - compute the SHA-256 digest of a buffer
 * @data: start of the bytes to hash
 * @len: number of bytes to hash
 *
 * The digest is written into a freshly allocated buffer of
 * SHA256_DIGEST_SIZE bytes (GFP_KERNEL allocation).
 *
 * Returns: the digest buffer, or ERR_PTR(-ENOMEM) if the allocation fails.
 * Failure is never reported as NULL, so callers have to test the result
 * with IS_ERR(). Presumably the caller owns the buffer and must free it;
 * confirm against the call sites.
 */
char *aa_calc_hash(void *data, size_t len)
{
	char *digest = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);

	if (digest == NULL)
		return ERR_PTR(-ENOMEM);

	sha256(data, len, digest);
	return digest;
}

/**
 * aa_calc_profile_hash - compute and store the digest of a profile blob
 * @profile: profile whose ->hash field receives the digest
 * @version: policy version, mixed into the digest ahead of the data
 * @start: start of the profile bytes to hash
 * @len: number of profile bytes to hash
 *
 * The digest is SHA-256 over the 32-bit little-endian encoding of @version
 * followed by @len bytes at @start. When aa_g_hash_policy is not set, no
 * digest is computed and @profile->hash is left untouched, so readers of
 * ->hash must cope with it not having been set here.
 *
 * NOTE(review): ->hash is assigned without freeing any previous value;
 * presumably this runs once per newly unpacked profile - confirm against
 * the callers.
 *
 * Returns: 0 on success or when hashing is disabled, -ENOMEM if the digest
 * buffer cannot be allocated.
 */
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
			 size_t len)
{
	struct sha256_ctx ctx;
	/* fixed byte order, so the digest does not depend on CPU endianness */
	__le32 version_le = cpu_to_le32(version);

	if (aa_g_hash_policy) {
		profile->hash = kzalloc(SHA256_DIGEST_SIZE, GFP_KERNEL);
		if (profile->hash == NULL)
			return -ENOMEM;

		sha256_init(&ctx);
		sha256_update(&ctx, (u8 *)&version_le, sizeof(version_le));
		sha256_update(&ctx, (u8 *)start, len);
		sha256_final(&ctx, profile->hash);
	}

	return 0;
}

/**
 * init_profile_hash - announce that policy hashing is available
 *
 * Logs an informational message when apparmor_initialized is set; there is
 * nothing else to set up.
 *
 * Returns: 0 always
 */
int __init init_profile_hash(void)
{
	if (!apparmor_initialized)
		return 0;

	aa_info_message("AppArmor sha256 policy hashing enabled");
	return 0;
}