Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/ABI/testing/ima_policy | 25
-rw-r--r-- Documentation/ABI/testing/sysfs-driver-ppi | 70
-rw-r--r-- Documentation/kernel-parameters.txt | 8
-rw-r--r-- Documentation/security/Smack.txt | 10
4 files changed, 105 insertions, 8 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index 6cd6daefaaed..986946613542 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -12,11 +12,14 @@ Description:
12 then closing the file. The new policy takes effect after 12 then closing the file. The new policy takes effect after
13 the file ima/policy is closed. 13 the file ima/policy is closed.
14 14
15 IMA appraisal, if configured, uses these file measurements
16 for local measurement appraisal.
17
15 rule format: action [condition ...] 18 rule format: action [condition ...]
16 19
17 action: measure | dont_measure 20 action: measure | dont_measure | appraise | dont_appraise | audit
18 condition:= base | lsm 21 condition:= base | lsm
19 base: [[func=] [mask=] [fsmagic=] [uid=]] 22 base: [[func=] [mask=] [fsmagic=] [uid=] [fowner]]
20 lsm: [[subj_user=] [subj_role=] [subj_type=] 23 lsm: [[subj_user=] [subj_role=] [subj_type=]
21 [obj_user=] [obj_role=] [obj_type=]] 24 [obj_user=] [obj_role=] [obj_type=]]
22 25
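Review bot: in the `base:` line the new `[fowner]` is missing the `=` that every other condition carries (`[uid=]`, `[fsmagic=]`), even though the default policy in the next hunk writes it as `fowner=0`; it should read `[fowner=]`. The action list also gains `appraise`, `dont_appraise` and `audit`, but the added description only covers appraisal, so a sentence saying what an `audit` rule does would complete the entry.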
@@ -24,36 +27,50 @@ Description:
24 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC] 27 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
25 fsmagic:= hex value 28 fsmagic:= hex value
26 uid:= decimal value 29 uid:= decimal value
30 fowner:=decimal value
27 lsm: are LSM specific 31 lsm: are LSM specific
28 32
29 default policy: 33 default policy:
30 # PROC_SUPER_MAGIC 34 # PROC_SUPER_MAGIC
31 dont_measure fsmagic=0x9fa0 35 dont_measure fsmagic=0x9fa0
36 dont_appraise fsmagic=0x9fa0
32 # SYSFS_MAGIC 37 # SYSFS_MAGIC
33 dont_measure fsmagic=0x62656572 38 dont_measure fsmagic=0x62656572
39 dont_appraise fsmagic=0x62656572
34 # DEBUGFS_MAGIC 40 # DEBUGFS_MAGIC
35 dont_measure fsmagic=0x64626720 41 dont_measure fsmagic=0x64626720
42 dont_appraise fsmagic=0x64626720
36 # TMPFS_MAGIC 43 # TMPFS_MAGIC
37 dont_measure fsmagic=0x01021994 44 dont_measure fsmagic=0x01021994
45 dont_appraise fsmagic=0x01021994
46 # RAMFS_MAGIC
47 dont_measure fsmagic=0x858458f6
48 dont_appraise fsmagic=0x858458f6
38 # SECURITYFS_MAGIC 49 # SECURITYFS_MAGIC
39 dont_measure fsmagic=0x73636673 50 dont_measure fsmagic=0x73636673
51 dont_appraise fsmagic=0x73636673
40 52
41 measure func=BPRM_CHECK 53 measure func=BPRM_CHECK
42 measure func=FILE_MMAP mask=MAY_EXEC 54 measure func=FILE_MMAP mask=MAY_EXEC
43 measure func=FILE_CHECK mask=MAY_READ uid=0 55 measure func=FILE_CHECK mask=MAY_READ uid=0
56 appraise fowner=0
44 57
45 The default policy measures all executables in bprm_check, 58 The default policy measures all executables in bprm_check,
46 all files mmapped executable in file_mmap, and all files 59 all files mmapped executable in file_mmap, and all files
47 open for read by root in do_filp_open. 60 open for read by root in do_filp_open. The default appraisal
61 policy appraises all files owned by root.
48 62
49 Examples of LSM specific definitions: 63 Examples of LSM specific definitions:
50 64
51 SELinux: 65 SELinux:
52 # SELINUX_MAGIC 66 # SELINUX_MAGIC
53 dont_measure fsmagic=0xF97CFF8C 67 dont_measure fsmagic=0xf97cff8c
68 dont_appraise fsmagic=0xf97cff8c
54 69
55 dont_measure obj_type=var_log_t 70 dont_measure obj_type=var_log_t
71 dont_appraise obj_type=var_log_t
56 dont_measure obj_type=auditd_log_t 72 dont_measure obj_type=auditd_log_t
73 dont_appraise obj_type=auditd_log_t
57 measure subj_user=system_u func=FILE_CHECK mask=MAY_READ 74 measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
58 measure subj_role=system_r func=FILE_CHECK mask=MAY_READ 75 measure subj_role=system_r func=FILE_CHECK mask=MAY_READ
59 76
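Review bot: the added `fowner:=decimal value` line lacks the space after `:=` that the neighbouring `fsmagic:= hex value` and `uid:= decimal value` lines use. The new RAMFS_MAGIC block adds a `dont_measure` rule alongside `dont_appraise`, so this hunk changes the default measurement policy as well as introducing appraisal, while the prose after the rule list only mentions the new appraisal default; that deserves a sentence here or in the commit message. The SELinux magic changing from 0xF97CFF8C to 0xf97cff8c is a cosmetic edit unrelated to appraisal and would be easier to review as its own change.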
diff --git a/Documentation/ABI/testing/sysfs-driver-ppi b/Documentation/ABI/testing/sysfs-driver-ppi
new file mode 100644
index 000000000000..97a003ee058b
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-driver-ppi
@@ -0,0 +1,70 @@
1What: /sys/devices/pnp0/<bus-num>/ppi/
2Date: August 2012
3Kernel Version: 3.6
4Contact: xiaoyan.zhang@intel.com
5Description:
6 This folder includes the attributes related with PPI (Physical
7 Presence Interface). Only if TPM is supported by BIOS, this
8 folder makes sence. The folder path can be got by command
9 'find /sys/ -name 'pcrs''. For the detail information of PPI,
10 please refer to the PPI specification from
11 http://www.trustedcomputinggroup.org/
12
13What: /sys/devices/pnp0/<bus-num>/ppi/version
14Date: August 2012
15Contact: xiaoyan.zhang@intel.com
16Description:
17 This attribute shows the version of the PPI supported by the
18 platform.
19 This file is readonly.
20
21What: /sys/devices/pnp0/<bus-num>/ppi/request
22Date: August 2012
23Contact: xiaoyan.zhang@intel.com
24Description:
25 This attribute shows the request for an operation to be
26 executed in the pre-OS environment. It is the only input from
27 the OS to the pre-OS environment. The request should be an
28 integer value range from 1 to 160, and 0 means no request.
29 This file can be read and written.
30
31What: /sys/devices/pnp0/00:<bus-num>/ppi/response
32Date: August 2012
33Contact: xiaoyan.zhang@intel.com
34Description:
35 This attribute shows the response to the most recent operation
36 request it acted upon. The format is "<request> <response num>
37 : <response description>".
38 This file is readonly.
39
40What: /sys/devices/pnp0/<bus-num>/ppi/transition_action
41Date: August 2012
42Contact: xiaoyan.zhang@intel.com
43Description:
44 This attribute shows the platform-specific action that should
45 take place in order to transition to the BIOS for execution of
46 a requested operation. The format is "<action num>: <action
47 description>".
48 This file is readonly.
49
50What: /sys/devices/pnp0/<bus-num>/ppi/tcg_operations
51Date: August 2012
52Contact: xiaoyan.zhang@intel.com
53Description:
54 This attribute shows whether it is allowed to request an
55 operation to be executed in the pre-OS environment by the BIOS
56 for the requests defined by TCG, i.e. requests from 1 to 22.
57 The format is "<request> <status num>: <status description>".
58 This attribute is only supported by PPI version 1.2+.
59 This file is readonly.
60
61What: /sys/devices/pnp0/<bus-num>/ppi/vs_operations
62Date: August 2012
63Contact: xiaoyan.zhang@intel.com
64Description:
65 This attribute shows whether it is allowed to request an
66 operation to be executed in the pre-OS environment by the BIOS
67 for the verdor specific requests, i.e. requests from 128 to
68 255. The format is same with tcg_operations. This attribute
69 is also only supported by PPI version 1.2+.
70 This file is readonly.
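Review bot: the value ranges in this new file do not agree with each other: `request` accepts "an integer value range from 1 to 160", `tcg_operations` covers requests 1 to 22, and `vs_operations` covers vendor-specific requests 128 to 255, so it is unclear whether 161 to 255 can be written or what 23 to 127 mean. Please reconcile the ranges or document what a write outside them returns. The `response` entry also uses `/sys/devices/pnp0/00:<bus-num>/ppi/response` where every other entry uses `/sys/devices/pnp0/<bus-num>/ppi/...`; pick one form. Smaller points: "sence" and "verdor" are typos, only the first entry carries a kernel version, and the `find /sys/ -name 'pcrs'` command is wrapped in the same single quotes it contains.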
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index ad7e2e5088c1..949dddcfd177 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1051,6 +1051,14 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1051 ihash_entries= [KNL] 1051 ihash_entries= [KNL]
1052 Set number of hash buckets for inode cache. 1052 Set number of hash buckets for inode cache.
1053 1053
1054 ima_appraise= [IMA] appraise integrity measurements
1055 Format: { "off" | "enforce" | "fix" }
1056 default: "enforce"
1057
1058 ima_appraise_tcb [IMA]
1059 The builtin appraise policy appraises all files
1060 owned by uid=0.
1061
1054 ima_audit= [IMA] 1062 ima_audit= [IMA]
1055 Format: { "0" | "1" } 1063 Format: { "0" | "1" }
1056 0 -- integrity auditing messages. (Default) 1064 0 -- integrity auditing messages. (Default)
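Review bot: the `ima_appraise=` entry lists "off", "enforce" and "fix" without saying what each mode does, unlike the `ima_audit=` entry directly below, which describes its values one by one. "fix" in particular needs a line explaining how it differs from "enforce", since an administrator choosing between them is making an integrity-enforcement decision. The `ima_appraise_tcb` entry should also state that it takes no value and that the builtin appraise policy is not loaded when it is absent, if that is the behaviour.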
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index a416479b8a1c..8a177e4b6e21 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -28,12 +28,11 @@ Smack kernels use the CIPSO IP option. Some network
28configurations are intolerant of IP options and can impede 28configurations are intolerant of IP options and can impede
29access to systems that use them as Smack does. 29access to systems that use them as Smack does.
30 30
31The current git repositories for Smack user space are: 31The current git repository for Smack user space is:
32 32
33 git@gitorious.org:meego-platform-security/smackutil.git 33 git://github.com/smack-team/smack.git
34 git@gitorious.org:meego-platform-security/libsmack.git
35 34
36These should make and install on most modern distributions. 35This should make and install on most modern distributions.
37There are three commands included in smackutil: 36There are three commands included in smackutil:
38 37
39smackload - properly formats data for writing to /smack/load 38smackload - properly formats data for writing to /smack/load
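Review bot: after the repository list is reduced to the single `git://github.com/smack-team/smack.git`, the unchanged line "There are three commands included in smackutil:" still refers to smackutil, which no longer appears anywhere above it. Either reword that sentence to name the new repository or state that the smack repository provides the smackutil commands, so a reader is not sent looking for a package the text no longer lists.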
@@ -194,6 +193,9 @@ onlycap
194 these capabilities are effective at for processes with any 193 these capabilities are effective at for processes with any
195 label. The value is set by writing the desired label to the 194 label. The value is set by writing the desired label to the
196 file or cleared by writing "-" to the file. 195 file or cleared by writing "-" to the file.
196revoke-subject
197 Writing a Smack label here sets the access to '-' for all access
198 rules with that subject label.
197 199
198You can add access rules in /etc/smack/accesses. They take the form: 200You can add access rules in /etc/smack/accesses. They take the form:
199 201
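Review bot: the new `revoke-subject` entry says a write "sets the access to '-' for all access rules with that subject label" but does not say whether the change can be undone or how the rules are restored afterwards. The `onlycap` entry just above explains how its value is set and cleared; a matching sentence here, plus a note on who is allowed to write the file, would make clear what an administrator is committing to with a single write.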