From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, stephen.smalley.work@gmail.com,
casey@schaufler-ca.com
Cc: jmorris@namei.org, linux-integrity@vger.kernel.org,
selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH v1 0/5] LSM: Measure security module state
Date: Wed, 15 Jul 2020 08:48:48 -0700 [thread overview]
Message-ID: <20200715154853.23374-1-nramas@linux.microsoft.com> (raw)
Critical data structures of security modules are currently not measured.
Therefore an attestation service, for instance, would not be able to
attest whether the security modules are always operating with the policies
and configuration that the system administrator had setup. The policies
and configuration for the security modules could be tampered with by
malware by exploiting Kernel vulnerabilities or modified through some
inadvertent actions on the system. Measuring such critical data would
enable an attestation service to better assess the state of the system.
IMA subsystem measures system files, command line arguments passed to
kexec, boot aggregate, keys, etc. It can be used to measure critical
data structures of security modules as well.
This change aims to address measuring critical data structures
of security modules when they are initialized, when they are updated
at runtime, and also periodically to detect any tampering.
This change set is based off of Linux Kernel version 5.8-rc5.
The following patch needs to be applied first before applying
the patches in this patch set:
https://patchwork.kernel.org/patch/11612989/
Change log:
v1:
=> Per Stephen Smalley's suggestion added selinux_state booleans
and hash of SELinux policy in the measured data for SELinux.
=> Call IMA hook from the security module directly instead of
redirecting through the LSM.
Lakshmi Ramasubramanian (5):
IMA: Add LSM_STATE func to measure LSM data
IMA: Define an IMA hook to measure LSM data
LSM: Add security_state function pointer in lsm_info struct
LSM: Define SELinux function to measure security state
LSM: Define workqueue for measuring security module state
Documentation/ABI/testing/ima_policy | 6 +-
include/linux/ima.h | 4 +
include/linux/lsm_hooks.h | 3 +
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_api.c | 2 +-
security/integrity/ima/ima_main.c | 17 ++++
security/integrity/ima/ima_policy.c | 29 +++++--
security/security.c | 74 +++++++++++++++-
security/selinux/Makefile | 2 +
security/selinux/hooks.c | 2 +
security/selinux/include/security.h | 19 +++++
security/selinux/measure.c | 122 +++++++++++++++++++++++++++
security/selinux/selinuxfs.c | 1 +
security/selinux/ss/services.c | 23 ++++-
14 files changed, 293 insertions(+), 12 deletions(-)
create mode 100644 security/selinux/measure.c
--
2.27.0
next reply other threads:[~2020-07-15 15:49 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-15 15:48 Lakshmi Ramasubramanian [this message]
2020-07-15 15:48 ` [PATCH v1 1/5] IMA: Add LSM_STATE func to measure LSM data Lakshmi Ramasubramanian
2020-07-15 15:48 ` [PATCH v1 2/5] IMA: Define an IMA hook " Lakshmi Ramasubramanian
2020-07-15 15:48 ` [PATCH v1 3/5] LSM: Add security_state function pointer in lsm_info struct Lakshmi Ramasubramanian
2020-07-15 15:48 ` [PATCH v1 4/5] LSM: Define SELinux function to measure security state Lakshmi Ramasubramanian
2020-07-15 18:04 ` Stephen Smalley
2020-07-15 18:34 ` Lakshmi Ramasubramanian
2020-07-15 15:48 ` [PATCH v1 5/5] LSM: Define workqueue for measuring security module state Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200715154853.23374-1-nramas@linux.microsoft.com \
--to=nramas@linux.microsoft.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).