The patch titled
SLIM Integrity Patch
has been removed from the -mm tree. Its filename was
slim-integrity-patch.patch
This patch was dropped because this work seems to be stalled
------------------------------------------------------
Subject: SLIM Integrity Patch
From: Mimi Zohar <[EMAIL PROTECTED]>
This is a minor patch to SLIM that only addresses the integrity service
issues, to be reviewed in conjunction with the integrity service framework
and provider that were just posted.
Signed-off-by: Mimi Zohar <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---
security/slim/Kconfig | 4 -
security/slim/slm_main.c | 98 +++++++++++++++++++++++--------------
2 files changed, 65 insertions(+), 37 deletions(-)
diff -puN security/slim/Kconfig~slim-integrity-patch security/slim/Kconfig
--- a/security/slim/Kconfig~slim-integrity-patch
+++ a/security/slim/Kconfig
@@ -23,7 +23,7 @@ config SECURITY_SLIM_BOOTPARAM_VALUE
int "SLIM boot parameter default value"
depends on SECURITY_SLIM_BOOTPARAM
range 0 1
- default 1
+ default 0
help
This option sets the default value for the kernel parameter
'slim', which allows SLIM to be disabled at boot. If this
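Review bot: `default 0` turns SLIM off at boot unless `slim=1` is passed on the command line, yet neither the help text in this hunk nor the commit description (which calls this a minor integrity-service patch) says why the module should now default to disabled. Add a sentence to the help text stating the effective default, e.g. `The default is 0, so SLIM stays disabled unless slim=1 is given on the kernel command line.` If the flip is meant to be temporary while the integrity service work lands, that should be stated as well.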
@@ -32,5 +32,5 @@ config SECURITY_SLIM_BOOTPARAM_VALUE
set to 1 (one), the SLIM kernel parameter will default to 1,
enabling SLIM at bootup.
- If you are unsure how to answer this question, answer 1.
+ If you are unsure how to answer this question, answer 0.
diff -puN security/slim/slm_main.c~slim-integrity-patch security/slim/slm_main.c
--- a/security/slim/slm_main.c~slim-integrity-patch
+++ a/security/slim/slm_main.c
@@ -1,7 +1,7 @@
/*
* SLIM - Simple Linux Integrity Module
*
- * Copyright (C) 2005,2006 IBM Corporation
+ * Copyright (C) 2005,2006,2007 IBM Corporation
* Author: Mimi Zohar <[EMAIL PROTECTED]>
* Kylene Hall <[EMAIL PROTECTED]>
*
@@ -32,6 +32,29 @@
extern struct security_operations dummy_security_ops;
unsigned int slm_debug = SLM_BASE;
+
+#ifdef CONFIG_SECURITY_SLIM_BOOTPARAM
+int slim_enabled = CONFIG_SECURITY_SLIM_BOOTPARAM_VALUE;
+
+static int __init slim_enabled_setup(char *str)
+{
+ slim_enabled = simple_strtol(str, NULL, 0);
+ return 1;
+}
+__setup("slim=", slim_enabled_setup);
+#else
+int slim_enabled = 1;
+#endif
+
+unsigned int integrity_enforce = 0;
+static int __init integrity_enforce_setup(char *str)
+{
+ integrity_enforce = simple_strtol(str, NULL, 0);
+ return 1;
+}
+
+__setup("slim_integrity_enforce=", integrity_enforce_setup);
+
#define XATTR_NAME "security.slim.level"
#define ZERO_STR "0"
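Review bot: `integrity_enforce_setup` stores the raw `simple_strtol()` result into the `unsigned int integrity_enforce` with no range check, so `slim_integrity_enforce=-1` or `=2` are accepted and silently become nonzero (truthy) values; normalise at the boundary, `integrity_enforce = simple_strtol(str, NULL, 0) ? 1 : 0;`, or reject anything outside 0..1 the way the Kconfig `range 0 1` bounds the slim parameter. The new boot parameter is also undocumented: a comment above the definition such as `/* slim_integrity_enforce=1: deny on INTEGRITY_FAIL; the default 0 only logs it */` (plus a kernel-parameters documentation entry) would say what the knob does. The `slim_enabled` block is moved up from the end of the file without explanation, presumably so both parameters sit together; a line in the description would help.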
@@ -319,16 +342,13 @@ static int slm_get_xattr(struct dentry *
"(rc: %d - status: %d)\n",
dentry->d_name.name, rc, *status);
- } else if (rc >=0 && *status == INTEGRITY_PASS && xattr_value) {
- rc = slm_parse_xattr(xattr_value, xattr_len, level);
+ } else {
+ if (!integrity_enforce)
+ *status = INTEGRITY_PASS;
+
+ if (rc >= 0 && xattr_value && *status != INTEGRITY_FAIL)
+ rc = slm_parse_xattr(xattr_value, xattr_len, level);
kfree(xattr_value);
- if (rc == 0 && level->iac_level != SLM_IAC_UNTRUSTED) {
- rc = integrity_verify_data(dentry, status);
- if ((rc < 0) || (*status != INTEGRITY_PASS))
- dprintk(SLM_BASE, "%s integrity_verify_data
failed "
- " (rc: %d status: %d)\n", dentry->d_name.name,
- rc, *status);
- }
}
return rc;
}
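Review bot: `if (!integrity_enforce) *status = INTEGRITY_PASS;` overwrites the provider's verdict before anything is logged, so in the default non-enforcing mode a FAIL or NOLABEL result is invisible both to the debug log and to the caller's `switch (status)` in update_level, whereas the slm_inode_permission hunk logs the real status and gates only the action on integrity_enforce. Log first, e.g. `if (*status != INTEGRITY_PASS) dprintk(SLM_INTEGRITY, "%s: %s status %d (not enforced)\n", __FUNCTION__, dentry->d_name.name, *status);` before the override, or move the override into update_level's FAIL arm so the log keeps the raw result. The parse now also proceeds for NOLABEL, where previously only INTEGRITY_PASS did; that is presumably intended but deserves a one-line comment. slm_get_xattr starts outside the hunk.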
@@ -392,13 +412,12 @@ static void update_level(struct dentry *
break;
}
} else {
- switch(status) {
- case INTEGRITY_FAIL:
- case INTEGRITY_NOLABEL:
- dprintk(SLM_INTEGRITY, "%s: %s FAIL/NOLABEL
(%d)\n",
+ switch (status) {
+ case INTEGRITY_FAIL:
+ dprintk(SLM_INTEGRITY, "%s: %s FAIL(%d)\n",
__FUNCTION__, dentry->d_name.name, rc);
- set_level_untrusted(level);
- break;
+ set_level_untrusted(level);
+ break;
}
}
}
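Review bot: the `switch (status)` now has a single `case INTEGRITY_FAIL:` and no `default:`; an `if (status == INTEGRITY_FAIL) { ... }` reads more directly, or add `default: break;` to match the other switches in this patch. Dropping the NOLABEL arm means an unlabeled object keeps whatever level it had here, while the slm_bprm_check_security hunk demotes NOLABEL to untrusted when enforcing; if that asymmetry is intentional, a comment such as `/* NOLABEL is not demoted here; execute is handled in slm_bprm_check_security */` would record it. update_level starts and ends outside the hunk.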
@@ -699,8 +718,28 @@ static int slm_inode_permission(struct i
slm_get_level(dentry, &level);
- /* measure all SYSTEM level integrity objects */
- if (level.iac_level == SLM_IAC_SYSTEM)
+ /* verify data for all trusted integrity objects */
+ if (level.iac_level != SLM_IAC_UNTRUSTED) {
+ int status;
+
+ rc = integrity_verify_data(dentry, &status);
+ switch (status) {
+ case INTEGRITY_FAIL:
+ dprintk(SLM_INTEGRITY, "%s: %s (Integrity status: "
+ " FAIL)\n", __FUNCTION__, fname);
+ if (integrity_enforce)
+ set_level_untrusted(&level);
+ break;
+ case INTEGRITY_NOLABEL:
+ dprintk(SLM_INTEGRITY, "%s: %s (Integrity status: "
+ " NOLABEL)\n", __FUNCTION__, fname);
+ default:
+ break;
+ }
+ }
+
+ /* measure all SYSTEM level integrity objects to be read */
+ if ((level.iac_level == SLM_IAC_SYSTEM) && (mask == MAY_READ))
integrity_measure(dentry, fname, mask);
rc = slm_set_taskperm(mask, &level, fname);
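Review bot: `int status;` is left uninitialized and `switch (status)` reads it unconditionally, so if integrity_verify_data() returns an error without storing a status the switch operates on an indeterminate value; the same pattern appears in the slm_bprm_check_security hunk once `rc < 0` no longer returns in non-enforce mode. Initialize the variable and consult rc first, e.g. `int status = INTEGRITY_FAIL;` and `if (rc < 0) dprintk(SLM_INTEGRITY, "%s: %s integrity_verify_data failed (rc: %d)\n", __FUNCTION__, fname, rc);`, since the rc from the verify call is otherwise silently overwritten by `rc = slm_set_taskperm(...)` below. The `case INTEGRITY_NOLABEL:` arm drops into `default:` without a `/* fallthrough */` marker; add one so the intent is explicit. Whether `mask == MAY_READ` (exact match) rather than `mask & MAY_READ` is intended is not clear from the hunk — a read combined with another permission bit now skips measurement. slm_inode_permission starts and ends outside the hunk.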
@@ -789,7 +828,6 @@ static int slm_set_xattr(struct slm_file
memcpy(bufp, slm_iac_str[level->iac_level], len);
bufp += len;
}
- *bufp++ = ' ';
xattr_len = bufp - buf;
/* point after 'security.' */
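Review bot: removing `*bufp++ = ' ';` changes the serialized value written to the `security.slim.level` xattr, so labels written by earlier SLIM versions carry a trailing space and new ones do not; the hunk does not show whether slm_parse_xattr() tolerates both forms, so that should be confirmed and recorded here, e.g. `/* no trailing separator; slm_parse_xattr() must accept labels with and without one */`. slm_set_xattr starts and ends outside the hunk.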
@@ -1414,23 +1452,25 @@ static int slm_bprm_check_security(struc
/* Possible return codes: PERMIT, DENY, NOLABEL */
rc = integrity_verify_data(dentry, &status);
- if (rc < 0)
+ if ((rc < 0) && integrity_enforce)
return rc;
- switch(status) {
+ switch (status) {
case INTEGRITY_FAIL:
if (!is_kernel_thread(current)) {
dprintk(SLM_BASE,
"%s: %s (Integrity status: FAIL)\n",
__FUNCTION__, bprm->filename);
- return -EACCES;
+ if (integrity_enforce)
+ return -EACCES;
}
break;
case INTEGRITY_NOLABEL:
dprintk(SLM_BASE,
"%s: %s (Integrity status: NOLABEL)\n",
__FUNCTION__, bprm->filename);
- level.iac_level = SLM_IAC_UNTRUSTED;
+ if (integrity_enforce)
+ level.iac_level = SLM_IAC_UNTRUSTED;
}
rc = enforce_integrity_execute(bprm, &level, cur_tsec);
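Review bot: with `if ((rc < 0) && integrity_enforce)` an error from integrity_verify_data() in non-enforcing mode is now neither returned nor logged before `switch (status)` runs, so failures of the provider itself disappear from the debug output; add `else if (rc < 0) dprintk(SLM_BASE, "%s: %s integrity_verify_data failed (rc: %d)\n", __FUNCTION__, bprm->filename, rc);`. The context comment `/* Possible return codes: PERMIT, DENY, NOLABEL */` does not name the INTEGRITY_FAIL/INTEGRITY_NOLABEL constants the switch actually tests, and the switch still has no `default:`. slm_bprm_check_security starts and ends outside the hunk.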
@@ -1613,18 +1653,6 @@ static struct security_operations slm_se
.d_instantiate = slm_d_instantiate
};
-#ifdef CONFIG_SECURITY_SLIM_BOOTPARAM
-int slim_enabled = CONFIG_SECURITY_SLIM_BOOTPARAM_VALUE;
-
-static int __init slim_enabled_setup(char *str)
-{
- slim_enabled = simple_strtol(str, NULL, 0);
- return 1;
-}
-__setup("slim=", slim_enabled_setup);
-#else
-int slim_enabled = 1;
-#endif
static int __init init_slm(void)
{
int rc;
_
Patches currently in -mm which might be from [EMAIL PROTECTED] are
slim-integrity-patch.patch
integrity-new-hooks.patch
integrity-fs-hook-placement.patch
integrity-evm-as-an-integrity-service-provider.patch
integrity-ima-integrity_measure-support.patch
integrity-ima-identifiers.patch
integrity-ima-cleanup.patch
integrity-tpm-internal-kernel-interface.patch
ibac-patch.patch
-