Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 1 | What: security/ima/policy |
| 2 | Date: May 2008 |
| 3 | Contact: Mimi Zohar <zohar@us.ibm.com> |
| 4 | Description: |
| 5 | The Trusted Computing Group(TCG) runtime Integrity |
| 6 | Measurement Architecture(IMA) maintains a list of hash |
| 7 | values of executables and other sensitive system files |
| 8 | loaded into the run-time of this system. At runtime, |
| 9 | the policy can be constrained based on LSM specific data. |
| 10 | Policies are loaded into the securityfs file ima/policy |
| 11 | by opening the file, writing the rules one at a time and |
| 12 | then closing the file. The new policy takes effect after |
| 13 | the file ima/policy is closed. |
| 14 | |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 15 | IMA appraisal, if configured, uses these file measurements |
| 16 | for local measurement appraisal. |
| 17 | |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 18 | rule format: action [condition ...] |
| 19 | |
Peter Moody | e7c568e | 2012-06-14 10:04:36 -0700 | [diff] [blame] | 20 | action: measure | dont_measure | appraise | dont_appraise | audit |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 21 | condition:= base | lsm |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 22 | base: [[func=] [mask=] [fsmagic=] [uid=] [fowner]] |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 23 | lsm: [[subj_user=] [subj_role=] [subj_type=] |
| 24 | [obj_user=] [obj_role=] [obj_type=]] |
| 25 | |
Mimi Zohar | fdf9072 | 2012-10-16 12:40:08 +1030 | [diff] [blame] | 26 | base: func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK][MODULE_CHECK] |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 27 | mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC] |
| 28 | fsmagic:= hex value |
| 29 | uid:= decimal value |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 30 | fowner:=decimal value |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 31 | lsm: are LSM specific |
| 32 | |
| 33 | default policy: |
| 34 | # PROC_SUPER_MAGIC |
| 35 | dont_measure fsmagic=0x9fa0 |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 36 | dont_appraise fsmagic=0x9fa0 |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 37 | # SYSFS_MAGIC |
| 38 | dont_measure fsmagic=0x62656572 |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 39 | dont_appraise fsmagic=0x62656572 |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 40 | # DEBUGFS_MAGIC |
| 41 | dont_measure fsmagic=0x64626720 |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 42 | dont_appraise fsmagic=0x64626720 |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 43 | # TMPFS_MAGIC |
| 44 | dont_measure fsmagic=0x01021994 |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 45 | dont_appraise fsmagic=0x01021994 |
| 46 | # RAMFS_MAGIC |
| 47 | dont_measure fsmagic=0x858458f6 |
| 48 | dont_appraise fsmagic=0x858458f6 |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 49 | # SECURITYFS_MAGIC |
| 50 | dont_measure fsmagic=0x73636673 |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 51 | dont_appraise fsmagic=0x73636673 |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 52 | |
| 53 | measure func=BPRM_CHECK |
| 54 | measure func=FILE_MMAP mask=MAY_EXEC |
Mimi Zohar | 1e93d00 | 2010-01-26 17:02:41 -0500 | [diff] [blame] | 55 | measure func=FILE_CHECK mask=MAY_READ uid=0 |
Mimi Zohar | fdf9072 | 2012-10-16 12:40:08 +1030 | [diff] [blame] | 56 | measure func=MODULE_CHECK uid=0 |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 57 | appraise fowner=0 |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 58 | |
| 59 | The default policy measures all executables in bprm_check, |
| 60 | all files mmapped executable in file_mmap, and all files |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 61 | open for read by root in do_filp_open. The default appraisal |
| 62 | policy appraises all files owned by root. |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 63 | |
| 64 | Examples of LSM specific definitions: |
| 65 | |
| 66 | SELinux: |
| 67 | # SELINUX_MAGIC |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 68 | dont_measure fsmagic=0xf97cff8c |
| 69 | dont_appraise fsmagic=0xf97cff8c |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 70 | |
| 71 | dont_measure obj_type=var_log_t |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 72 | dont_appraise obj_type=var_log_t |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 73 | dont_measure obj_type=auditd_log_t |
Mimi Zohar | 07f6a79 | 2011-03-09 22:25:48 -0500 | [diff] [blame] | 74 | dont_appraise obj_type=auditd_log_t |
Mimi Zohar | 1e93d00 | 2010-01-26 17:02:41 -0500 | [diff] [blame] | 75 | measure subj_user=system_u func=FILE_CHECK mask=MAY_READ |
| 76 | measure subj_role=system_r func=FILE_CHECK mask=MAY_READ |
Mimi Zohar | 4af4662 | 2009-02-04 09:07:00 -0500 | [diff] [blame] | 77 | |
| 78 | Smack: |
Mimi Zohar | 1e93d00 | 2010-01-26 17:02:41 -0500 | [diff] [blame] | 79 | measure subj_user=_ func=FILE_CHECK mask=MAY_READ |