<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/security/integrity/ima/ima_api.c, branch v3.8</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
</subtitle>
<id>https://git.shady.money/linux/atom?h=v3.8</id>
<link rel='self' href='https://git.shady.money/linux/atom?h=v3.8'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/'/>
<updated>2012-12-14T02:35:26Z</updated>
<entry>
<title>ima: support new kernel module syscall</title>
<updated>2012-12-14T02:35:26Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2012-10-16T02:10:08Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=fdf90729e57812cb12d7938e2dee7c71e875fb08'/>
<id>urn:sha1:fdf90729e57812cb12d7938e2dee7c71e875fb08</id>
<content type='text'>
With the addition of the new kernel module syscall, which defines two
arguments - a file descriptor to the kernel module and a pointer to a NULL
terminated string of module arguments - it is now possible to measure and
appraise kernel modules like any other file on the file system.

This patch adds support to measure and appraise kernel modules in an
extensible and consistent manner.

To support filesystems without extended attribute support, additional
patches could pass the signature as the first parameter.

Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Signed-off-by: Rusty Russell &lt;rusty@rustcorp.com.au&gt;
</content>
</entry>
<entry>
<title>ima: audit log hashes</title>
<updated>2012-09-13T18:48:44Z</updated>
<author>
<name>Peter Moody</name>
<email>pmoody@google.com</email>
</author>
<published>2012-06-14T17:04:36Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8'/>
<id>urn:sha1:e7c568e0fd0cf6d9c8ab8ea537ba8f3a3ae7c3d8</id>
<content type='text'>
This adds an 'audit' policy action which audit logs file measurements.

Changelog v6:
 - use new action flag handling (Dmitry Kasatkin).
 - removed whitespace (Mimi)

Changelog v5:
 - use audit_log_untrustedstring.

Changelog v4:
 - cleanup digest -&gt; hash conversion.
 - use filename rather than d_path in ima_audit_measurement.

Changelog v3:
 - Use newly exported audit_log_task_info for logging pid/ppid/uid/etc.
 - Update the ima_policy ABI documentation.

Changelog v2:
 - Use 'audit' action rather than 'measure_and_audit' to permit
 auditing in the absence of measuring..

Changelog v1:
 - Initial posting.

Signed-off-by: Peter Moody &lt;pmoody@google.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: rename ima_must_appraise_or_measure</title>
<updated>2012-09-12T11:28:05Z</updated>
<author>
<name>Dmitry Kasatkin</name>
<email>dmitry.kasatkin@intel.com</email>
</author>
<published>2012-06-27T08:26:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=d9d300cdb6f233c4c591348919c758062198a4f4'/>
<id>urn:sha1:d9d300cdb6f233c4c591348919c758062198a4f4</id>
<content type='text'>
When AUDIT action support is added to the IMA,
ima_must_appraise_or_measure() does not reflect the real meaning anymore.
Rename it to ima_get_action().

Signed-off-by: Dmitry Kasatkin &lt;dmitry.kasatkin@intel.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: add support for different security.ima data types</title>
<updated>2012-09-07T18:57:47Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2012-01-10T03:59:36Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=5a44b41207174e1882ce0c24a752f4cfb65dab07'/>
<id>urn:sha1:5a44b41207174e1882ce0c24a752f4cfb65dab07</id>
<content type='text'>
IMA-appraisal currently verifies the integrity of a file based on a
known 'good' measurement value.  This patch reserves the first byte
of 'security.ima' as a place holder for the type of method used for
verifying file data integrity.

Changelog v1:
- Use the newly defined 'struct evm_ima_xattr_data'

Signed-off-by: Dmitry Kasatkin &lt;dmitry.kasatkin@nokia.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: integrity appraisal extension</title>
<updated>2012-09-07T18:57:44Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2012-02-13T15:15:05Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=2fe5d6def1672ae6635dd71867bf36dcfaa7434b'/>
<id>urn:sha1:2fe5d6def1672ae6635dd71867bf36dcfaa7434b</id>
<content type='text'>
IMA currently maintains an integrity measurement list used to assert the
integrity of the running system to a third party.  The IMA-appraisal
extension adds local integrity validation and enforcement of the
measurement against a "good" value stored as an extended attribute
'security.ima'.  The initial methods for validating 'security.ima' are
hashed based, which provides file data integrity, and digital signature
based, which in addition to providing file data integrity, provides
authenticity.

This patch creates and maintains the 'security.ima' xattr, containing
the file data hash measurement.  Protection of the xattr is provided by
EVM, if enabled and configured.

Based on policy, IMA calls evm_verifyxattr() to verify a file's metadata
integrity and, assuming success, compares the file's current hash value
with the one stored as an extended attribute in 'security.ima'.

Changelov v4:
- changed iint cache flags to hex values

Changelog v3:
- change appraisal default for filesystems without xattr support to fail

Changelog v2:
- fix audit msg 'res' value
- removed unused 'ima_appraise=' values

Changelog v1:
- removed unused iint mutex (Dmitry Kasatkin)
- setattr hook must not reset appraised (Dmitry Kasatkin)
- evm_verifyxattr() now differentiates between no 'security.evm' xattr
  (INTEGRITY_NOLABEL) and no EVM 'protected' xattrs included in the
  'security.evm' (INTEGRITY_NOXATTRS).
- replace hash_status with ima_status (Dmitry Kasatkin)
- re-initialize slab element ima_status on free (Dmitry Kasatkin)
- include 'security.ima' in EVM if CONFIG_IMA_APPRAISE, not CONFIG_IMA
- merged half "ima: ima_must_appraise_or_measure API change" (Dmitry Kasatkin)
- removed unnecessary error variable in process_measurement() (Dmitry Kasatkin)
- use ima_inode_post_setattr() stub function, if IMA_APPRAISE not configured
  (moved ima_inode_post_setattr() to ima_appraise.c)
- make sure ima_collect_measurement() can read file

Changelog:
- add 'iint' to evm_verifyxattr() call (Dimitry Kasatkin)
- fix the race condition between chmod, which takes the i_mutex and then
  iint-&gt;mutex, and ima_file_free() and process_measurement(), which take
  the locks in the reverse order, by eliminating iint-&gt;mutex. (Dmitry Kasatkin)
- cleanup of ima_appraise_measurement() (Dmitry Kasatkin)
- changes as a result of the iint not allocated for all regular files, but
  only for those measured/appraised.
- don't try to appraise new/empty files
- expanded ima_appraisal description in ima/Kconfig
- IMA appraise definitions required even if IMA_APPRAISE not enabled
- add return value to ima_must_appraise() stub
- unconditionally set status = INTEGRITY_PASS *after* testing status,
  not before.  (Found by Joe Perches)

Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Signed-off-by: Dmitry Kasatkin &lt;dmitry.kasatkin@intel.com&gt;
</content>
</entry>
<entry>
<title>ima: use full pathnames in measurement list</title>
<updated>2012-07-02T20:43:29Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2012-06-20T13:32:55Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=08e1b76ae399a010c0d0916b125d75aed6961d16'/>
<id>urn:sha1:08e1b76ae399a010c0d0916b125d75aed6961d16</id>
<content type='text'>
The IMA measurement list contains filename hints, which can be
ambigious without the full pathname.  This patch replaces the
filename hint with the full pathname, simplifying for userspace
the correlating of file hash measurements with files.

Change log v1:
- Revert to short filenames, when full pathname is longer than IMA
  measurement buffer size. (Based on Dmitry's review)

Signed-off-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
</content>
</entry>
<entry>
<title>ima: free duplicate measurement memory</title>
<updated>2011-12-20T03:04:32Z</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@polito.it</email>
</author>
<published>2011-12-19T14:57:27Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=45fae7493970d7c45626ccd96d4a74f5f1eea5a9'/>
<id>urn:sha1:45fae7493970d7c45626ccd96d4a74f5f1eea5a9</id>
<content type='text'>
Info about new measurements are cached in the iint for performance.  When
the inode is flushed from cache, the associated iint is flushed as well.
Subsequent access to the inode will cause the inode to be re-measured and
will attempt to add a duplicate entry to the measurement list.

This patch frees the duplicate measurement memory, fixing a memory leak.

Signed-off-by: Roberto Sassu &lt;roberto.sassu@polito.it&gt;
Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Cc: stable@vger.kernel.org
</content>
</entry>
<entry>
<title>integrity: move ima inode integrity data management</title>
<updated>2011-07-18T16:29:38Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2011-03-09T19:13:22Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=f381c272224f5f158f5cff64f8f3481fa0eee8b3'/>
<id>urn:sha1:f381c272224f5f158f5cff64f8f3481fa0eee8b3</id>
<content type='text'>
Move the inode integrity data(iint) management up to the integrity directory
in order to share the iint among the different integrity models.

Changelog:
- don't define MAX_DIGEST_SIZE
- rename several globally visible 'ima_' prefixed functions, structs,
  locks, etc to 'integrity_'
- replace '20' with SHA1_DIGEST_SIZE
- reflect location change in appropriate Kconfig and Makefiles
- remove unnecessary initialization of iint_initialized to 0
- rebased on current ima_iint.c
- define integrity_iint_store/lock as static

There should be no other functional changes.

Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Acked-by: Serge Hallyn &lt;serge.hallyn@ubuntu.com&gt;
</content>
</entry>
<entry>
<title>ima: remove unnecessary call to ima_must_measure</title>
<updated>2011-02-23T21:38:52Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2011-02-22T15:19:43Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=1adace9bb04a5f4a4dea9e642089102661bb0ceb'/>
<id>urn:sha1:1adace9bb04a5f4a4dea9e642089102661bb0ceb</id>
<content type='text'>
The original ima_must_measure() function based its results on cached
iint information, which required an iint be allocated for all files.
Currently, an iint is allocated only for files in policy.  As a result,
for those files in policy, ima_must_measure() is now called twice: once
to determine if the inode is in the measurement policy and, the second
time, to determine if it needs to be measured/re-measured.

The second call to ima_must_measure() unnecessarily checks to see if
the file is in policy. As we already know the file is in policy, this
patch removes the second unnecessary call to ima_must_measure(), removes
the vestige iint parameter, and just checks the iint directly to determine
if the inode has been measured or needs to be measured/re-measured.

Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Acked-by: Eric Paris &lt;eparis@redhat.com&gt;
</content>
</entry>
<entry>
<title>IMA: move read counter into struct inode</title>
<updated>2010-10-26T18:37:18Z</updated>
<author>
<name>Eric Paris</name>
<email>eparis@redhat.com</email>
</author>
<published>2010-10-25T18:41:59Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/linux/commit/?id=a178d2027d3198b0a04517d764326ab71cd73da2'/>
<id>urn:sha1:a178d2027d3198b0a04517d764326ab71cd73da2</id>
<content type='text'>
IMA currently allocated an inode integrity structure for every inode in
core.  This stucture is about 120 bytes long.  Most files however
(especially on a system which doesn't make use of IMA) will never need
any of this space.  The problem is that if IMA is enabled we need to
know information about the number of readers and the number of writers
for every inode on the box.  At the moment we collect that information
in the per inode iint structure and waste the rest of the space.  This
patch moves those counters into the struct inode so we can eventually
stop allocating an IMA integrity structure except when absolutely
needed.

This patch does the minimum needed to move the location of the data.
Further cleanups, especially the location of counter updates, may still
be possible.

Signed-off-by: Eric Paris &lt;eparis@redhat.com&gt;
Acked-by: Mimi Zohar &lt;zohar@linux.vnet.ibm.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
</entry>
</feed>
