Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v5 0/4] LSM: Measure security module data
@ 2020-07-30  3:47 Lakshmi Ramasubramanian
  2020-07-30  3:47 ` [PATCH v5 1/4] IMA: Add func to measure LSM state and policy Lakshmi Ramasubramanian
                   ` (3 more replies)
  0 siblings, 4 replies; 23+ messages in thread
From: Lakshmi Ramasubramanian @ 2020-07-30  3:47 UTC (permalink / raw)
  To: zohar, stephen.smalley.work, casey
  Cc: tyhicks, sashal, jmorris, linux-integrity, selinux,
	linux-security-module, linux-kernel

Critical data structures of security modules are currently not measured.
Therefore an attestation service, for instance, would not be able to
attest whether the security modules are always operating with the policies
and configuration that the system administrator had setup. The policies
and configuration for the security modules could be tampered with by
malware by exploiting kernel vulnerabilities or modified through some
inadvertent actions on the system. Measuring such critical data would
enable an attestation service to better assess the state of the system.

IMA subsystem measures system files, command line arguments passed to
kexec, boot aggregate, keys, etc. It can be used to measure critical
data structures of security modules as well.

This change aims to address measuring critical data structures
of security modules when they are initialized and when they are
updated at runtime.

This series is based on commit 3db0d0c276a7 ("integrity: remove
redundant initialization of variable ret") in next-integrity

Change log:

  v5:
      => Append timestamp to "event name" string in the call to
         the IMA hooks so that LSM data is always measured by IMA.
      => Removed workqueue patch that was handling periodic checking
         of the LSM data. This change will be introduced as a separate
         patch set while keeping this patch set focussed on measuring
         the LSM data on initialization and on updates at runtime.
      => Handle early boot measurement of LSM data.

  v4:
      => Added LSM_POLICY func and IMA hook to measure LSM policy.
      => Pass SELinux policy data, instead of the hash of the policy,
         to the IMA hook to measure.
      => Include "initialized" flag in SELinux measurement.
         Also, measure SELinux state even when initialization is not yet
         completed. But measure SELinux policy only after initialization.

  v3:
      => Loop through policy_capabilities to build the state data
         to measure instead of hardcoding to current set of
         policy capabilities.
      => Added error log messages for failure conditions.

  v2:
      => Pass selinux_state struct as parameter to the function
         that measures SELinux data.
      => Use strings from selinux_policycap_names array for SELinux
         state measurement.
      => Refactored security_read_policy() to alloc kernel or user
         virtual memory and then read the SELinux policy.

  v1:
      => Per Stephen Smalley's suggestion added selinux_state booleans
         and hash of SELinux policy in the measured data for SELinux.
      => Call IMA hook from the security module directly instead of
         redirecting through the LSM.

Lakshmi Ramasubramanian (4):
  IMA: Add func to measure LSM state and policy
  IMA: Define IMA hooks to measure LSM state and policy
  LSM: Define SELinux function to measure state and policy
  IMA: Handle early boot data measurement

 Documentation/ABI/testing/ima_policy         |   9 +
 include/linux/ima.h                          |  14 ++
 security/integrity/ima/Kconfig               |   5 +-
 security/integrity/ima/Makefile              |   2 +-
 security/integrity/ima/ima.h                 |  45 +++--
 security/integrity/ima/ima_api.c             |   2 +-
 security/integrity/ima/ima_asymmetric_keys.c |   6 +-
 security/integrity/ima/ima_init.c            |   2 +-
 security/integrity/ima/ima_main.c            |  64 ++++++-
 security/integrity/ima/ima_policy.c          |  33 +++-
 security/integrity/ima/ima_queue_data.c      | 175 +++++++++++++++++++
 security/integrity/ima/ima_queue_keys.c      | 174 ------------------
 security/selinux/Makefile                    |   2 +
 security/selinux/hooks.c                     |   1 +
 security/selinux/include/security.h          |  15 ++
 security/selinux/measure.c                   | 150 ++++++++++++++++
 security/selinux/selinuxfs.c                 |   3 +
 security/selinux/ss/services.c               |  71 +++++++-
 18 files changed, 551 insertions(+), 222 deletions(-)
 create mode 100644 security/integrity/ima/ima_queue_data.c
 delete mode 100644 security/integrity/ima/ima_queue_keys.c
 create mode 100644 security/selinux/measure.c

-- 
2.27.0


^ permalink raw reply	[flat|nested] 23+ messages in thread

end of thread, back to index

Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-30  3:47 [PATCH v5 0/4] LSM: Measure security module data Lakshmi Ramasubramanian
2020-07-30  3:47 ` [PATCH v5 1/4] IMA: Add func to measure LSM state and policy Lakshmi Ramasubramanian
2020-07-30 15:02   ` Tyler Hicks
2020-07-30 15:15     ` Lakshmi Ramasubramanian
2020-07-30 15:17       ` Tyler Hicks
2020-07-30 16:19     ` Casey Schaufler
2020-07-30 16:33       ` Lakshmi Ramasubramanian
2020-07-30  3:47 ` [PATCH v5 2/4] IMA: Define IMA hooks " Lakshmi Ramasubramanian
2020-07-30 15:04   ` Tyler Hicks
2020-07-30  3:47 ` [PATCH v5 3/4] LSM: Define SELinux function to measure " Lakshmi Ramasubramanian
2020-08-03 15:11   ` Stephen Smalley
2020-08-03 16:14     ` Lakshmi Ramasubramanian
2020-08-03 20:00       ` Stephen Smalley
2020-08-03 20:29         ` Stephen Smalley
2020-08-03 20:37           ` Lakshmi Ramasubramanian
2020-08-03 21:07             ` Stephen Smalley
2020-08-03 22:08               ` Lakshmi Ramasubramanian
2020-08-04 15:20                 ` Stephen Smalley
2020-08-04 15:29                   ` Stephen Smalley
2020-08-04 15:57                     ` Lakshmi Ramasubramanian
2020-07-30  3:47 ` [PATCH v5 4/4] IMA: Handle early boot data measurement Lakshmi Ramasubramanian
2020-07-30 18:02   ` Lakshmi Ramasubramanian
2020-07-30 20:04     ` Tyler Hicks

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git