2 files changed, 71 insertions, 0 deletions
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
new file mode 100644
index 000000000000..6434f0df012e
--- /dev/null
+++ b/Documentation/ABI/testing/ima_policy
@@ -0,0 +1,61 @@
+What:           security/ima/policy
+Date:           May 2008
+Contact:        Mimi Zohar <zohar@us.ibm.com>
+Description:
+                The Trusted Computing Group(TCG) runtime Integrity
+                Measurement Architecture(IMA) maintains a list of hash
+                values of executables and other sensitive system files
+                loaded into the run-time of this system.  At runtime,
+                the policy can be constrained based on LSM specific data.
+                Policies are loaded into the securityfs file ima/policy
+                by opening the file, writing the rules one at a time and
+                then closing the file.  The new policy takes effect after
+                the file ima/policy is closed.
+                rule format: action [condition ...]
+                action: measure | dont_measure
+                condition:= base | lsm
+                        base:   [[func=] [mask=] [fsmagic=] [uid=]]
+                        lsm:    [[subj_user=] [subj_role=] [subj_type=]
+                                 [obj_user=] [obj_role=] [obj_type=]]
+                base:   func:= [BPRM_CHECK][FILE_MMAP][INODE_PERMISSION]
+                        mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
+                        fsmagic:= hex value
+                        uid:= decimal value
+                lsm:    are LSM specific
+                default policy:
+                        # PROC_SUPER_MAGIC
+                        dont_measure fsmagic=0x9fa0
+                        # SYSFS_MAGIC
+                        dont_measure fsmagic=0x62656572
+                        # DEBUGFS_MAGIC
+                        dont_measure fsmagic=0x64626720
+                        # TMPFS_MAGIC
+                        dont_measure fsmagic=0x01021994
+                        # SECURITYFS_MAGIC
+                        dont_measure fsmagic=0x73636673
+                        measure func=BPRM_CHECK
+                        measure func=FILE_MMAP mask=MAY_EXEC
+                        measure func=INODE_PERM mask=MAY_READ uid=0
+                The default policy measures all executables in bprm_check,
+                all files mmapped executable in file_mmap, and all files
+                open for read by root in inode_permission.
+                Examples of LSM specific definitions:
+                SELinux:
+                        # SELINUX_MAGIC
+                        dont_measure fsmagic=0xF97CFF8C
+                        dont_measure obj_type=var_log_t
+                        dont_measure obj_type=auditd_log_t
+                        measure subj_user=system_u func=INODE_PERM mask=MAY_READ
+                        measure subj_role=system_r func=INODE_PERM mask=MAY_READ
+                Smack:
+                        measure subj_user=_ func=INODE_PERM mask=MAY_READ
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index d8362cf9909e..8cc40a1bee06 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -44,6 +44,7 @@ parameter is applicable:
        FB      The frame buffer device is enabled.
        HW      Appropriate hardware is enabled.
        IA-64   IA-64 architecture is enabled.
+        IMA     Integrity measurement architecture is enabled.
        IOSCHED More than one I/O scheduler is enabled.
        IP_PNP  IP DHCP, BOOTP, or RARP is enabled.
        ISAPNP  ISA PnP code is enabled.
@@ -900,6 +901,15 @@ and is between 256 and 4096 characters. It is defined in the file
        ihash_entries=  [KNL]
                        Set number of hash buckets for inode cache.
+        ima_audit=      [IMA]
+                        Format: { "0" | "1" }
+                        0 -- integrity auditing messages. (Default)
+                        1 -- enable informational integrity auditing messages.
+        ima_hash=       [IMA]
+                        Formt: { "sha1" | "md5" }
+                        default: "sha1"
        in2000=         [HW,SCSI]
                        See header of drivers/scsi/in2000.c.

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy new file mode 100644 index 000000000000..6434f0df012e --- /dev/null +++ b/Documentation/ABI/testing/ima_policy
@@ -0,0 +1,61 @@
		1	What: security/ima/policy
		2	Date: May 2008
		3	Contact: Mimi Zohar <zohar@us.ibm.com>
		4	Description:
		5	The Trusted Computing Group(TCG) runtime Integrity
		6	Measurement Architecture(IMA) maintains a list of hash
		7	values of executables and other sensitive system files
		8	loaded into the run-time of this system. At runtime,
		9	the policy can be constrained based on LSM specific data.
		10	Policies are loaded into the securityfs file ima/policy
		11	by opening the file, writing the rules one at a time and
		12	then closing the file. The new policy takes effect after
		13	the file ima/policy is closed.
		14
		15	rule format: action [condition ...]
		16
		17	action: measure \| dont_measure
		18	condition:= base \| lsm
		19	base: [[func=] [mask=] [fsmagic=] [uid=]]
		20	lsm: [[subj_user=] [subj_role=] [subj_type=]
		21	[obj_user=] [obj_role=] [obj_type=]]
		22
		23	base: func:= [BPRM_CHECK][FILE_MMAP][INODE_PERMISSION]
		24	mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
		25	fsmagic:= hex value
		26	uid:= decimal value
		27	lsm: are LSM specific
		28
		29	default policy:
		30	# PROC_SUPER_MAGIC
		31	dont_measure fsmagic=0x9fa0
		32	# SYSFS_MAGIC
		33	dont_measure fsmagic=0x62656572
		34	# DEBUGFS_MAGIC
		35	dont_measure fsmagic=0x64626720
		36	# TMPFS_MAGIC
		37	dont_measure fsmagic=0x01021994
		38	# SECURITYFS_MAGIC
		39	dont_measure fsmagic=0x73636673
		40
		41	measure func=BPRM_CHECK
		42	measure func=FILE_MMAP mask=MAY_EXEC
		43	measure func=INODE_PERM mask=MAY_READ uid=0
		44
		45	The default policy measures all executables in bprm_check,
		46	all files mmapped executable in file_mmap, and all files
		47	open for read by root in inode_permission.
		48
		49	Examples of LSM specific definitions:
		50
		51	SELinux:
		52	# SELINUX_MAGIC
		53	dont_measure fsmagic=0xF97CFF8C
		54
		55	dont_measure obj_type=var_log_t
		56	dont_measure obj_type=auditd_log_t
		57	measure subj_user=system_u func=INODE_PERM mask=MAY_READ
		58	measure subj_role=system_r func=INODE_PERM mask=MAY_READ
		59
		60	Smack:
		61	measure subj_user=_ func=INODE_PERM mask=MAY_READ


diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index d8362cf9909e..8cc40a1bee06 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt
@@ -44,6 +44,7 @@ parameter is applicable:
44	FB The frame buffer device is enabled.	44	FB The frame buffer device is enabled.
45	HW Appropriate hardware is enabled.	45	HW Appropriate hardware is enabled.
46	IA-64 IA-64 architecture is enabled.	46	IA-64 IA-64 architecture is enabled.
		47	IMA Integrity measurement architecture is enabled.
47	IOSCHED More than one I/O scheduler is enabled.	48	IOSCHED More than one I/O scheduler is enabled.
48	IP_PNP IP DHCP, BOOTP, or RARP is enabled.	49	IP_PNP IP DHCP, BOOTP, or RARP is enabled.
49	ISAPNP ISA PnP code is enabled.	50	ISAPNP ISA PnP code is enabled.
@@ -900,6 +901,15 @@ and is between 256 and 4096 characters. It is defined in the file
900	ihash_entries= [KNL]	901	ihash_entries= [KNL]
901	Set number of hash buckets for inode cache.	902	Set number of hash buckets for inode cache.
902		903
		904	ima_audit= [IMA]
		905	Format: { "0" \| "1" }
		906	0 -- integrity auditing messages. (Default)
		907	1 -- enable informational integrity auditing messages.
		908
		909	ima_hash= [IMA]
		910	Formt: { "sha1" \| "md5" }
		911	default: "sha1"
		912
903	in2000= [HW,SCSI]	913	in2000= [HW,SCSI]
904	See header of drivers/scsi/in2000.c.	914	See header of drivers/scsi/in2000.c.
905		915