mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-18 22:14:16 +00:00 
			
		
		
		
	lsm: add IPE lsm
Integrity Policy Enforcement (IPE) is an LSM that provides a complementary approach to Mandatory Access Control compared with existing LSMs today. Existing LSMs have centered around the concept that access to a resource should be controlled by the current user's credentials. IPE's approach is that access to a resource should be controlled by the system's trust of a current resource. The basis of this approach is defining a global policy to specify which resource can be trusted. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> [PM: subject line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
		
							parent
							
								
									9ee6881454
								
							
						
					
					
						commit
						0311507792
					
				
					 9 changed files with 97 additions and 6 deletions
				
			
		|  | @ -64,6 +64,7 @@ struct lsm_ctx { | ||||||
| #define LSM_ID_LANDLOCK		110 | #define LSM_ID_LANDLOCK		110 | ||||||
| #define LSM_ID_IMA		111 | #define LSM_ID_IMA		111 | ||||||
| #define LSM_ID_EVM		112 | #define LSM_ID_EVM		112 | ||||||
|  | #define LSM_ID_IPE		113 | ||||||
| 
 | 
 | ||||||
| /*
 | /*
 | ||||||
|  * LSM_ATTR_XXX definitions identify different LSM attributes |  * LSM_ATTR_XXX definitions identify different LSM attributes | ||||||
|  |  | ||||||
|  | @ -192,6 +192,7 @@ source "security/yama/Kconfig" | ||||||
| source "security/safesetid/Kconfig" | source "security/safesetid/Kconfig" | ||||||
| source "security/lockdown/Kconfig" | source "security/lockdown/Kconfig" | ||||||
| source "security/landlock/Kconfig" | source "security/landlock/Kconfig" | ||||||
|  | source "security/ipe/Kconfig" | ||||||
| 
 | 
 | ||||||
| source "security/integrity/Kconfig" | source "security/integrity/Kconfig" | ||||||
| 
 | 
 | ||||||
|  | @ -231,11 +232,11 @@ endchoice | ||||||
| 
 | 
 | ||||||
| config LSM | config LSM | ||||||
| 	string "Ordered list of enabled LSMs" | 	string "Ordered list of enabled LSMs" | ||||||
| 	default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK | 	default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,ipe,bpf" if DEFAULT_SECURITY_SMACK | ||||||
| 	default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR | 	default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,ipe,bpf" if DEFAULT_SECURITY_APPARMOR | ||||||
| 	default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO | 	default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,ipe,bpf" if DEFAULT_SECURITY_TOMOYO | ||||||
| 	default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC | 	default "landlock,lockdown,yama,loadpin,safesetid,ipe,bpf" if DEFAULT_SECURITY_DAC | ||||||
| 	default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf" | 	default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,ipe,bpf" | ||||||
| 	help | 	help | ||||||
| 	  A comma-separated list of LSMs, in initialization order. | 	  A comma-separated list of LSMs, in initialization order. | ||||||
| 	  Any LSMs left off this list, except for those with order | 	  Any LSMs left off this list, except for those with order | ||||||
|  |  | ||||||
|  | @ -25,6 +25,7 @@ obj-$(CONFIG_SECURITY_LOCKDOWN_LSM)	+= lockdown/ | ||||||
| obj-$(CONFIG_CGROUPS)			+= device_cgroup.o | obj-$(CONFIG_CGROUPS)			+= device_cgroup.o | ||||||
| obj-$(CONFIG_BPF_LSM)			+= bpf/ | obj-$(CONFIG_BPF_LSM)			+= bpf/ | ||||||
| obj-$(CONFIG_SECURITY_LANDLOCK)		+= landlock/ | obj-$(CONFIG_SECURITY_LANDLOCK)		+= landlock/ | ||||||
|  | obj-$(CONFIG_SECURITY_IPE)		+= ipe/ | ||||||
| 
 | 
 | ||||||
| # Object integrity file lists
 | # Object integrity file lists
 | ||||||
| obj-$(CONFIG_INTEGRITY)			+= integrity/ | obj-$(CONFIG_INTEGRITY)			+= integrity/ | ||||||
|  |  | ||||||
							
								
								
									
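--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Integrity Policy Enforcement (IPE) configuration
+#
+
+menuconfig SECURITY_IPE
+	bool "Integrity Policy Enforcement (IPE)"
+	depends on SECURITY && SECURITYFS
+	select PKCS7_MESSAGE_PARSER
+	select SYSTEM_DATA_VERIFICATION
+	help
+	  This option enables the Integrity Policy Enforcement LSM
+	  allowing users to define a policy to enforce a trust-based access
+	  control. A key feature of IPE is a customizable policy to allow
+	  admins to reconfigure trust requirements on the fly.
+
+	  If unsure, answer N.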
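Review bot: The help text for SECURITY_IPE does not say that enabling the option is not enough to activate the LSM: "ipe" must also appear in CONFIG_LSM or on the `lsm=` boot parameter, and a .config that already carries a CONFIG_LSM string keeps that string even though this commit changes the defaults in the LSM list. I would add a help sentence such as `IPE is only active when "ipe" is listed in CONFIG_LSM or on the lsm= command line.` so that admins confirm it at runtime (for example by reading /sys/kernel/security/lsm) instead of assuming enforcement. The two `select` lines pull in PKCS#7 parsing and system data verification, which nothing in the ipe.c added by this commit uses; presumably a later patch in the series needs them, and a short `#` comment above the selects saying so would help.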
							
								
								
									
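--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+#
+# Makefile for building the IPE module as part of the kernel tree.
+#
+
+obj-$(CONFIG_SECURITY_IPE) += \
+	ipe.o \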
							
								
								
									
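--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+#include <uapi/linux/lsm.h>
+
+#include "ipe.h"
+
+static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
+};
+
+static const struct lsm_id ipe_lsmid = {
+	.name = "ipe",
+	.id = LSM_ID_IPE,
+};
+
+static struct security_hook_list ipe_hooks[] __ro_after_init = {
+};
+
+/**
+ * ipe_init() - Entry point of IPE.
+ *
+ * This is called at LSM init, which happens occurs early during kernel
+ * start up. During this phase, IPE registers its hooks and loads the
+ * builtin boot policy.
+ *
+ * Return:
+ * * %0		- OK
+ * * %-ENOMEM	- Out of memory (OOM)
+ */
+static int __init ipe_init(void)
+{
+	security_add_hooks(ipe_hooks, ARRAY_SIZE(ipe_hooks), &ipe_lsmid);
+
+	return 0;
+}
+
+DEFINE_LSM(ipe) = {
+	.name = "ipe",
+	.init = ipe_init,
+	.blobs = &ipe_blobs,
+};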
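Review bot: The kernel-doc above ipe_init() describes behaviour the function does not have in this commit: it says IPE "loads the builtin boot policy" and may return -ENOMEM, while the body only calls security_add_hooks() and returns 0 unconditionally. I would trim the comment to what is implemented, e.g. `This is called at LSM init, which occurs early during kernel start up. IPE registers its hooks here.` (which also fixes "happens occurs"), and list only `%0` under Return until a failing path exists. Because ipe_hooks[] is empty, a kernel built at this commit would register "ipe" as an LSM while mediating nothing; a one-line comment on the array such as `/* no hooks yet: IPE enforces nothing until hooks are added here */` would keep anyone from mistaking its presence in the LSM list for enforcement.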
							
								
								
									
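--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+ */
+
+#ifndef _IPE_H
+#define _IPE_H
+
+#ifdef pr_fmt
+#undef pr_fmt
+#endif
+#define pr_fmt(fmt) "ipe: " fmt
+
+#include <linux/lsm_hooks.h>
+
+#endif /* _IPE_H */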
|  | @ -53,7 +53,8 @@ | ||||||
| 	(IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ | 	(IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \ | ||||||
| 	(IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0) + \ | 	(IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0) + \ | ||||||
| 	(IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ | 	(IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \ | ||||||
| 	(IS_ENABLED(CONFIG_EVM) ? 1 : 0)) | 	(IS_ENABLED(CONFIG_EVM) ? 1 : 0) + \ | ||||||
|  | 	(IS_ENABLED(CONFIG_SECURITY_IPE) ? 1 : 0)) | ||||||
| 
 | 
 | ||||||
| /*
 | /*
 | ||||||
|  * These are descriptions of the reasons that can be passed to the |  * These are descriptions of the reasons that can be passed to the | ||||||
|  |  | ||||||
|  | @ -128,6 +128,9 @@ TEST(correct_lsm_list_modules) | ||||||
| 		case LSM_ID_EVM: | 		case LSM_ID_EVM: | ||||||
| 			name = "evm"; | 			name = "evm"; | ||||||
| 			break; | 			break; | ||||||
|  | 		case LSM_ID_IPE: | ||||||
|  | 			name = "ipe"; | ||||||
|  | 			break; | ||||||
| 		default: | 		default: | ||||||
| 			name = "INVALID"; | 			name = "INVALID"; | ||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
	 Deven Bowers
						Deven Bowers