Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 30 |
1 files changed, 27 insertions, 3 deletions
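diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 31d677f7c65f..4719bbf1641a 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -45,9 +45,17 @@ struct ima_measure_rule_entry {
 } lsm[MAX_LSM_RULES];
 };
 
-/* Without LSM specific knowledge, the default policy can only be
+/*
+* Without LSM specific knowledge, the default policy can only be
 * written in terms of .action, .func, .mask, .fsmagic, and .uid
 */
+
+/*
+* The minimum rule set to allow for full TCB coverage. Measures all files
+* opened or mmap for exec and everything read by root. Dangerous because
+* normal users can easily run the machine out of memory simply building
+* and running executables.
+*/
 static struct ima_measure_rule_entry default_rules[] = {
 {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC},
 {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
@@ -59,6 +67,8 @@ static struct ima_measure_rule_entry default_rules[] = {
 .flags = IMA_FUNC | IMA_MASK},
 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
 .flags = IMA_FUNC | IMA_MASK},
+{.action = MEASURE,.func = PATH_CHECK,.mask = MAY_READ,.uid = 0,
+.flags = IMA_FUNC | IMA_MASK | IMA_UID},
 };
 
 static LIST_HEAD(measure_default_rules);
@@ -67,6 +77,14 @@ static struct list_head *ima_measure;
 
 static DEFINE_MUTEX(ima_measure_mutex);
 
+static bool ima_use_tcb __initdata;
+static int __init default_policy_setup(char *str)
+{
+ima_use_tcb = 1;
+return 1;
+}
+__setup("ima_tcb", default_policy_setup);
+
 /**
 * ima_match_rules - determine whether an inode matches the measure rule.
 * @rule: a pointer to a rule
@@ -162,9 +180,15 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask)
 */
 void ima_init_policy(void)
 {
-int i;
+int i, entries;
+
+/* if !ima_use_tcb set entries = 0 so we load NO default rules */
+if (ima_use_tcb)
+entries = ARRAY_SIZE(default_rules);
+else
+entries = 0;
 
-for (i = 0; i < ARRAY_SIZE(default_rules); i++)
+for (i = 0; i < entries; i++)
 list_add_tail(&default_rules[i].list, &measure_default_rules);
 ima_measure = &measure_default_rules;
 }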
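Review bot: `ima_use_tcb` is declared `__initdata` (new line 80) but is read from `ima_init_policy()` (new line 186), whose definition at new line 181 carries no `__init` annotation, so a non-init text section references discardable init data; modpost will flag this as a section mismatch, and if the function were ever reached after `free_initmem()` it would read freed memory. Either annotate the function `void __init ima_init_policy(void)` (its prototype, presumably in ima.h, is outside this hunk and would need the same change) or drop `__initdata` from the flag. As a minor style point, `ima_use_tcb = 1;` assigns an int to a `bool`; `ima_use_tcb = true;` matches the declared type. The callers of `ima_init_policy()` are not visible here, so whether it only ever runs during init cannot be confirmed from this hunk.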
