
      1What:		/sys/kernel/security/*/ima/policy
      2Date:		May 2008
      3Contact:	Mimi Zohar <zohar@us.ibm.com>
      4Description:
      5		The Trusted Computing Group (TCG) runtime Integrity
      6		Measurement Architecture (IMA) maintains a list of hash
      7		values of executables and other sensitive system files
      8		loaded into the run-time of this system.  At runtime,
      9		the policy can be constrained based on LSM-specific data.
     10		Policies are loaded into the securityfs file ima/policy
     11		by opening the file, writing the rules one at a time and
     12		then closing the file.  The new policy takes effect after
     13		the file ima/policy is closed.
     14
     15		IMA appraisal, if configured, uses these file measurements
     16		for local measurement appraisal.
     17
     18		::
     19
     20		  rule format: action [condition ...]
     21
     22		  action: measure | dont_measure | appraise | dont_appraise |
     23			  audit | hash | dont_hash
     24		  condition:= base | lsm  [option]
     25			base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [fsname=]
     26				[uid=] [euid=] [gid=] [egid=]
     27				[fowner=] [fgroup=]]
     28			lsm:	[[subj_user=] [subj_role=] [subj_type=]
     29				 [obj_user=] [obj_role=] [obj_type=]]
     30			option:	[digest_type=] [template=] [permit_directio]
     31				[appraise_type=] [appraise_flag=]
     32				[appraise_algos=] [keyrings=]
     33		  base:
     34			func:= [BPRM_CHECK][MMAP_CHECK][CREDS_CHECK][FILE_CHECK][MODULE_CHECK]
     35				[FIRMWARE_CHECK]
     36				[KEXEC_KERNEL_CHECK] [KEXEC_INITRAMFS_CHECK]
     37				[KEXEC_CMDLINE] [KEY_CHECK] [CRITICAL_DATA]
     38				[SETXATTR_CHECK]
     39			mask:= [[^]MAY_READ] [[^]MAY_WRITE] [[^]MAY_APPEND]
     40			       [[^]MAY_EXEC]
     41			fsmagic:= hex value
     42			fsuuid:= file system UUID (e.g. 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
     43			uid:= decimal value
     44			euid:= decimal value
     45			gid:= decimal value
     46			egid:= decimal value
     47			fowner:= decimal value
     48			fgroup:= decimal value
     49		  lsm:  are LSM specific
     50		  option:
     51			appraise_type:= [imasig] | [imasig|modsig] | [sigv3]
     52			    where 'imasig' is the original signature format or the
     53				signature format v2.
     54			    where 'modsig' is an appended signature,
     55			    where 'sigv3' is the signature format v3. (Currently
     56				limited to fsverity digest based signatures
     57				stored in security.ima xattr. Requires
     58				specifying "digest_type=verity" first.)
     59
     60			appraise_flag:= [check_blacklist]
     61			Currently, the blacklist check applies only to files signed
     62			with an appended signature.
     63			digest_type:= verity
     64			    Require fs-verity's file digest instead of the
     65			    regular IMA file hash.
     66			keyrings:= list of keyrings
     67			(eg, .builtin_trusted_keys|.ima). Only valid
     68			when action is "measure" and func is KEY_CHECK.
     69			template:= name of a defined IMA template type
     70			(eg, ima-ng). Only valid when action is "measure".
     71			pcr:= decimal value
     72			label:= [selinux]|[kernel_info]|[data_label]
     73			data_label:= a unique string used for grouping and limiting critical data.
     74			For example, "selinux" to measure critical data for SELinux.
     75			appraise_algos:= comma-separated list of hash algorithms
     76			For example, "sha256,sha512" to only appraise files where
     77			the security.ima xattr was hashed with one of these two
     78			algorithms.
     79
     80		  default policy:
     81			# PROC_SUPER_MAGIC
     82			dont_measure fsmagic=0x9fa0
     83			dont_appraise fsmagic=0x9fa0
     84			# SYSFS_MAGIC
     85			dont_measure fsmagic=0x62656572
     86			dont_appraise fsmagic=0x62656572
     87			# DEBUGFS_MAGIC
     88			dont_measure fsmagic=0x64626720
     89			dont_appraise fsmagic=0x64626720
     90			# TMPFS_MAGIC
     91			dont_measure fsmagic=0x01021994
     92			dont_appraise fsmagic=0x01021994
     93			# RAMFS_MAGIC
     94			dont_appraise fsmagic=0x858458f6
     95			# DEVPTS_SUPER_MAGIC
     96			dont_measure fsmagic=0x1cd1
     97			dont_appraise fsmagic=0x1cd1
     98			# BINFMTFS_MAGIC
     99			dont_measure fsmagic=0x42494e4d
    100			dont_appraise fsmagic=0x42494e4d
    101			# SECURITYFS_MAGIC
    102			dont_measure fsmagic=0x73636673
    103			dont_appraise fsmagic=0x73636673
    104			# SELINUX_MAGIC
    105			dont_measure fsmagic=0xf97cff8c
    106			dont_appraise fsmagic=0xf97cff8c
    107			# CGROUP_SUPER_MAGIC
    108			dont_measure fsmagic=0x27e0eb
    109			dont_appraise fsmagic=0x27e0eb
    110			# NSFS_MAGIC
    111			dont_measure fsmagic=0x6e736673
    112			dont_appraise fsmagic=0x6e736673
    113
    114			measure func=BPRM_CHECK
    115			measure func=FILE_MMAP mask=MAY_EXEC
    116			measure func=FILE_CHECK mask=MAY_READ uid=0
    117			measure func=MODULE_CHECK
    118			measure func=FIRMWARE_CHECK
    119			appraise fowner=0
    120
    121		The default policy measures all executables in bprm_check,
    122		all files mmapped as executable in file_mmap, and all files
    123		opened for read by root in do_filp_open.  The default appraisal
    124		policy appraises all files owned by root.
    125
    126		Examples of LSM specific definitions:
    127
    128		SELinux::
    129
    130			dont_measure obj_type=var_log_t
    131			dont_appraise obj_type=var_log_t
    132			dont_measure obj_type=auditd_log_t
    133			dont_appraise obj_type=auditd_log_t
    134			measure subj_user=system_u func=FILE_CHECK mask=MAY_READ
    135			measure subj_role=system_r func=FILE_CHECK mask=MAY_READ
    136
    137		Smack::
    138
    139			measure subj_user=_ func=FILE_CHECK mask=MAY_READ
    140
    141		Example of measure rules using alternate PCRs::
    142
    143			measure func=KEXEC_KERNEL_CHECK pcr=4
    144			measure func=KEXEC_INITRAMFS_CHECK pcr=5
    145
    146		Example of an appraise rule allowing modsig appended signatures:
    147
    148			appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig|modsig
    149
    150		Example of a measure rule using KEY_CHECK to measure all keys:
    151
    152			measure func=KEY_CHECK
    153
    154		Example of a measure rule using KEY_CHECK to only measure
    155		keys added to the .builtin_trusted_keys or .ima keyring:
    156
    157			measure func=KEY_CHECK keyrings=.builtin_trusted_keys|.ima
    158
    159		Example of the special SETXATTR_CHECK appraise rule, that
    160		restricts the hash algorithms allowed when writing to the
    161		security.ima xattr of a file:
    162
    163			appraise func=SETXATTR_CHECK appraise_algos=sha256,sha384,sha512
    164
    165		Example of a 'measure' rule requiring fs-verity's digests,
    166		with an indication of the digest type in the measurement list:
    167
    168			measure func=FILE_CHECK digest_type=verity \
    169				template=ima-ngv2
    170
    171		Example of 'measure' and 'appraise' rules requiring fs-verity
    172		signatures (format version 3) stored in the security.ima xattr.
    173
    174		The 'measure' rule specifies the 'ima-sigv3' template option,
    175		which includes an indication of the digest type and the file
    176		signature in the measurement list.
    177
    178			measure func=BPRM_CHECK digest_type=verity \
    179				template=ima-sigv3
    180
    181
    182		The 'appraise' rule specifies the type and signature format
    183		version (sigv3) required.
    184
    185			appraise func=BPRM_CHECK digest_type=verity \
    186				appraise_type=sigv3
    187
    188		All of these policy rules could, for example, be constrained
    189		either based on a filesystem's UUID (fsuuid) or based on LSM
    190		labels.