authorMimi Zohar <zohar@linux.vnet.ibm.com>2009-02-04 09:06:58 -0500
committerJames Morris <jmorris@namei.org>2009-02-05 17:05:30 -0500
commit3323eec921efd815178a23107ab63588c605c0b2 (patch)
treebc9e9714ac4881ebc515c1bd155674c52c356d6a /security/integrity/ima/ima_policy.c
parent6146f0d5e47ca4047ffded0fb79b6c25359b386c (diff)
integrity: IMA as an integrity service provider
IMA provides hardware (TPM) based measurement and attestation for file measurements. As the Trusted Computing (TPM) model requires, IMA measures all files before they are accessed in any way (on the integrity_bprm_check, integrity_path_check and integrity_file_mmap hooks), and commits the measurements to the TPM. Once added to the TPM, measurements can not be removed. In addition, IMA maintains a list of these file measurements, which can be used to validate the aggregate value stored in the TPM. The TPM can sign these measurements, and thus the system can prove, to itself and to a third party, the system's integrity in a way that cannot be circumvented by malicious or compromised software. - alloc ima_template_entry before calling ima_store_template() - log ima_add_boot_aggregate() failure - removed unused IMA_TEMPLATE_NAME_LEN - replaced hard coded string length with #define name Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
-rw-r--r--security/integrity/ima/ima_policy.c126
1 files changed, 126 insertions, 0 deletions
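diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
new file mode 100644
index 000000000000..7c3d1ffb1472
--- /dev/null
+++ b/security/integrity/ima/ima_policy.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2008 IBM Corporation
+ * Author: Mimi Zohar <zohar@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2 of the License.
+ *
+ * ima_policy.c
+ * - initialize default measure policy rules
+ *
+ */
+#include <linux/module.h>
+#include <linux/list.h>
+#include <linux/audit.h>
+#include <linux/security.h>
+#include <linux/magic.h>
+
+#include "ima.h"
+
+/* flags definitions */
+#define IMA_FUNC 0x0001
+#define IMA_MASK 0x0002
+#define IMA_FSMAGIC 0x0004
+#define IMA_UID 0x0008
+
+enum ima_action { DONT_MEASURE, MEASURE };
+
+struct ima_measure_rule_entry {
+ struct list_head list;
+ enum ima_action action;
+ unsigned int flags;
+ enum ima_hooks func;
+ int mask;
+ unsigned long fsmagic;
+ uid_t uid;
+};
+
+static struct ima_measure_rule_entry default_rules[] = {
+ {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,
+ .flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,
+ .flags = IMA_FSMAGIC},
+ {.action = DONT_MEASURE,.fsmagic = 0xF97CFF8C,.flags = IMA_FSMAGIC},
+ {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
+ .flags = IMA_FUNC | IMA_MASK},
+ {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
+ .flags = IMA_FUNC | IMA_MASK},
+ {.action = MEASURE,.func = PATH_CHECK,.mask = MAY_READ,.uid = 0,
+ .flags = IMA_FUNC | IMA_MASK | IMA_UID}
+};
+
+static LIST_HEAD(measure_default_rules);
+static struct list_head *ima_measure;
+
+/**
+ * ima_match_rules - determine whether an inode matches the measure rule.
+ * @rule: a pointer to a rule
+ * @inode: a pointer to an inode
+ * @func: LIM hook identifier
+ * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
+ *
+ * Returns true on rule match, false on failure.
+ */
+static bool ima_match_rules(struct ima_measure_rule_entry *rule,
+ struct inode *inode, enum ima_hooks func, int mask)
+{
+ struct task_struct *tsk = current;
+
+ if ((rule->flags & IMA_FUNC) && rule->func != func)
+ return false;
+ if ((rule->flags & IMA_MASK) && rule->mask != mask)
+ return false;
+ if ((rule->flags & IMA_FSMAGIC)
+ && rule->fsmagic != inode->i_sb->s_magic)
+ return false;
+ if ((rule->flags & IMA_UID) && rule->uid != tsk->cred->uid)
+ return false;
+ return true;
+}
+
+/**
+ * ima_match_policy - decision based on LSM and other conditions
+ * @inode: pointer to an inode for which the policy decision is being made
+ * @func: IMA hook identifier
+ * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
+ *
+ * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
+ * conditions.
+ *
+ * (There is no need for locking when walking the policy list,
+ * as elements in the list are never deleted, nor does the list
+ * change.)
+ */
+int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask)
+{
+ struct ima_measure_rule_entry *entry;
+
+ list_for_each_entry(entry, ima_measure, list) {
+ bool rc;
+
+ rc = ima_match_rules(entry, inode, func, mask);
+ if (rc)
+ return entry->action;
+ }
+ return 0;
+}
+
+/**
+ * ima_init_policy - initialize the default measure rules.
+ *
+ * (Could use the default_rules directly, but in policy patch
+ * ima_measure points to either the measure_default_rules or the
+ * the new measure_policy_rules.)
+ */
+void ima_init_policy(void)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(default_rules); i++)
+ list_add_tail(&default_rules[i].list, &measure_default_rules);
+ ima_measure = &measure_default_rules;
+}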
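Review bot: The sixth default_rules entry hard-codes `.fsmagic = 0xF97CFF8C` while every neighbouring DONT_MEASURE rule names its filesystem through a constant from linux/magic.h; if the matching `SELINUX_MAGIC` is exported there it should be used, otherwise the literal needs a comment saying which filesystem it excludes from measurement, because an unexplained exclusion in a measurement policy is the first thing an auditor will question. In ima_match_rules the uid test reads `tsk->cred->uid` through a `struct task_struct *tsk = current` local that serves no other purpose; `rule->uid != current_uid()` drops the local and goes through the credential accessor the rest of the tree uses. The kernel-doc on ima_match_policy promises LSM(subj/obj/type) conditions that the function does not evaluate, and it does not say what happens when no rule matches: the trailing `return 0` is DONT_MEASURE by enum value, so a comment such as `/* no rule matched: default is DONT_MEASURE */` would make that fallback explicit rather than a coincidence of enum ordering. Both kernel-docs describe @mask as a combination of MAY_* bits, but the IMA_MASK check is exact equality (`rule->mask != mask`), so a rule with `.mask = MAY_EXEC` will not match a request that also carries MAY_READ; either document that masks are compared verbatim or state which form the hook callers pass.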