lsm: add IPE lsm

Integrity Policy Enforcement (IPE) is an LSM that provides an approach
to Mandatory Access Control that is complementary to that of existing
LSMs today.

Existing LSMs have centered around the concept of access to a resource
should be controlled by the current user's credentials. IPE's approach,
is that access to a resource should be controlled by the system's trust
of a current resource.

The basis of this approach is defining a global policy to specify which
resource can be trusted.

Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Deven Bowers and committed by
Paul Moore
03115077 9ee68814

+97 -6
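--- a/include/uapi/linux/lsm.h
+++ b/include/uapi/linux/lsm.h
@@ -64,6 +64,7 @@
 #define LSM_ID_LANDLOCK 110
 #define LSM_ID_IMA 111
 #define LSM_ID_EVM 112
+#define LSM_ID_IPE 113
 
 /*
 * LSM_ATTR_XXX definitions identify different LSM attributes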
+6 -5
security/Kconfig
··· 192 192 source "security/safesetid/Kconfig" 193 193 source "security/lockdown/Kconfig" 194 194 source "security/landlock/Kconfig" 195 + source "security/ipe/Kconfig" 195 196 196 197 source "security/integrity/Kconfig" 197 198 ··· 232 231 233 232 config LSM 234 233 string "Ordered list of enabled LSMs" 235 - default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK 236 - default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR 237 - default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO 238 - default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC 239 - default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf" 234 + default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,ipe,bpf" if DEFAULT_SECURITY_SMACK 235 + default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,ipe,bpf" if DEFAULT_SECURITY_APPARMOR 236 + default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,ipe,bpf" if DEFAULT_SECURITY_TOMOYO 237 + default "landlock,lockdown,yama,loadpin,safesetid,ipe,bpf" if DEFAULT_SECURITY_DAC 238 + default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,ipe,bpf" 240 239 help 241 240 A comma-separated list of LSMs, in initialization order. 242 241 Any LSMs left off this list, except for those with order
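Review bot: Adding `ipe` to the five `default` strings of `config LSM` only reaches builds that take the default; a kernel rebuilt from an existing .config keeps its saved CONFIG_LSM string, so CONFIG_SECURITY_IPE=y can presumably be compiled in without IPE ever being initialised. The help text at the end of this hunk starts to explain what happens to LSMs left off the list, but the sentence continues outside the hunk and nothing in the new SECURITY_IPE help points to it. I would add one sentence to that help, for example `IPE is only initialized when "ipe" is listed in CONFIG_LSM or in the lsm= boot parameter.`, so an administrator confirms the active list in /sys/kernel/security/lsm rather than assuming enforcement.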
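--- a/security/Makefile
+++ b/security/Makefile
@@ -25,6 +25,7 @@
 obj-$(CONFIG_CGROUPS) += device_cgroup.o
 obj-$(CONFIG_BPF_LSM) += bpf/
 obj-$(CONFIG_SECURITY_LANDLOCK) += landlock/
+obj-$(CONFIG_SECURITY_IPE) += ipe/
 
 # Object integrity file lists
 obj-$(CONFIG_INTEGRITY) += integrity/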
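--- a/security/ipe/Kconfig
+++ b/security/ipe/Kconfig
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Integrity Policy Enforcement (IPE) configuration
+#
+
+menuconfig SECURITY_IPE
+bool "Integrity Policy Enforcement (IPE)"
+depends on SECURITY && SECURITYFS
+select PKCS7_MESSAGE_PARSER
+select SYSTEM_DATA_VERIFICATION
+help
+This option enables the Integrity Policy Enforcement LSM
+allowing users to define a policy to enforce a trust-based access
+control. A key feature of IPE is a customizable policy to allow
+admins to reconfigure trust requirements on the fly.
+
+If unsure, answer N.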
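Review bot: The two `select` lines (`PKCS7_MESSAGE_PARSER` and `SYSTEM_DATA_VERIFICATION`) pull signature-verification code into every kernel that enables SECURITY_IPE, yet nothing in this commit's security/ipe/ipe.c uses it, so the reason for them cannot be reviewed here. A short comment above them would make the dependency explicit, for example `# policy updates are verified as signed PKCS#7 messages`, assuming that is the intent of a later patch. The help text also says admins can "reconfigure trust requirements on the fly" without saying what authorises such a change; one sentence on that would help anyone assessing whether to enable the option.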
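--- a/security/ipe/Makefile
+++ b/security/ipe/Makefile
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+#
+# Makefile for building the IPE module as part of the kernel tree.
+#
+
+obj-$(CONFIG_SECURITY_IPE) += \
+ipe.o \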
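--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+*/
+#include <uapi/linux/lsm.h>
+
+#include "ipe.h"
+
+static struct lsm_blob_sizes ipe_blobs __ro_after_init = {
+};
+
+static const struct lsm_id ipe_lsmid = {
+.name = "ipe",
+.id = LSM_ID_IPE,
+};
+
+static struct security_hook_list ipe_hooks[] __ro_after_init = {
+};
+
+/**
+* ipe_init() - Entry point of IPE.
+*
+* This is called at LSM init, which happens occurs early during kernel
+* start up. During this phase, IPE registers its hooks and loads the
+* builtin boot policy.
+*
+* Return:
+* * %0 - OK
+* * %-ENOMEM - Out of memory (OOM)
+*/
+static int __init ipe_init(void)
+{
+security_add_hooks(ipe_hooks, ARRAY_SIZE(ipe_hooks), &ipe_lsmid);
+
+return 0;
+}
+
+DEFINE_LSM(ipe) = {
+.name = "ipe",
+.init = ipe_init,
+.blobs = &ipe_blobs,
+};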
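Review bot: The kernel-doc on `ipe_init()` describes behaviour the function does not have: it says IPE "loads the builtin boot policy" and lists `%-ENOMEM` as a return value, while the body only calls `security_add_hooks()` with an empty `ipe_hooks[]` and returns 0. For a security module a reader may take that comment as evidence that a policy is in force after init, so it should match this commit, e.g. `* During this phase, IPE registers its hooks.` and a single `* Return: %0 - OK` line, leaving the policy and error text to the patch that adds them. The same paragraph has a doubled verb, "which happens occurs early", which should read `which occurs early`.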
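--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -0,0 +1,16 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
+*/
+
+#ifndef _IPE_H
+#define _IPE_H
+
+#ifdef pr_fmt
+#undef pr_fmt
+#endif
+#define pr_fmt(fmt) "ipe: " fmt
+
+#include <linux/lsm_hooks.h>
+
+#endif /* _IPE_H */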
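--- a/security/security.c
+++ b/security/security.c
@@ -53,7 +53,8 @@
 (IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
 (IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0) + \
 (IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \
-(IS_ENABLED(CONFIG_EVM) ? 1 : 0))
+(IS_ENABLED(CONFIG_EVM) ? 1 : 0) + \
+(IS_ENABLED(CONFIG_SECURITY_IPE) ? 1 : 0))
 
 /*
 * These are descriptions of the reasons that can be passed to the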
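--- a/tools/testing/selftests/lsm/lsm_list_modules_test.c
+++ b/tools/testing/selftests/lsm/lsm_list_modules_test.c
@@ -128,6 +128,9 @@
 case LSM_ID_EVM:
 name = "evm";
 break;
+case LSM_ID_IPE:
+name = "ipe";
+break;
 default:
 name = "INVALID";
 break;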