[WIP][RFC][PATCH 1/3] security: introduce call_int_hook_and() macro

Roberto Sassu roberto.sassu at huawei.com
Thu Aug 29 14:29:22 UTC 2019


> -----Original Message-----
> From: Casey Schaufler [mailto:casey at schaufler-ca.com]
> Sent: Monday, August 19, 2019 4:52 PM
> To: Roberto Sassu <roberto.sassu at huawei.com>; linux-integrity at vger.kernel.org
> Cc: linux-security-module at vger.kernel.org; zohar at linux.ibm.com; Dmitry Kasatkin <dmitry.kasatkin at huawei.com>; Silviu Vlasceanu <Silviu.Vlasceanu at huawei.com>
> Subject: Re: [WIP][RFC][PATCH 1/3] security: introduce call_int_hook_and() macro
> 
> On 8/18/2019 4:57 PM, Roberto Sassu wrote:
> > The LSM hooks audit_rule_known() and audit_rule_match() define 1 as
> > the result for a successful operation. However, the security_ functions use
> > call_int_hook(), which stops iterating over LSMs if the result is not
> > zero.
> >
> > Introduce call_int_hook_and(), so that the final result returned by
> > the security_ functions is 1 if all LSMs return 1.
> 
> I don't think this is what you want. You want an audit record generated if
> any of the security modules want one, not only if all of the security modules
> want one.

Right, it would be better if I could specify the prefix of the LSM that should
execute the audit_rule_match() hook.

For example, I would like to specify in the IMA policy:

measure subj_type=infoflow:tcb

'infoflow:tcb' would be the value of the 'lsmrule' parameter of
security_audit_rule_match().

The rule would be evaluated only by the Infoflow LSM, not by SELinux.

Roberto
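As an added illustration of the result-combining policies this thread discusses (stop at the first non-zero result as call_int_hook() does, "all LSMs return 1" as the patch proposes, "any LSM returns 1" as the review asks for) and of the prefix routing suggested in the reply, here is a constructed user-space C model. It is not kernel code and not part of this thread: the module names, the selinux_match/infoflow_match callbacks, the hooks[] list and the match_* function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Constructed user-space model, not kernel code: how a security_ wrapper
 * combines one integer hook's result across stacked LSMs. Convention from
 * the thread: 1 = rule matches, 0 = no match, <0 = error. Module names,
 * callbacks and the hook list below are hypothetical. */
typedef int (*audit_rule_match_fn)(const char *lsmrule);

struct lsm_hook {
    const char *lsm;            /* module name, also the rule prefix */
    audit_rule_match_fn match;
};

/* Toy SELinux: only "selinux:tcb" matches. */
static int selinux_match(const char *lsmrule)
{
    return strcmp(lsmrule, "selinux:tcb") == 0;
}

/* Toy Infoflow: "infoflow:tcb" matches, any other "infoflow:" rule is
 * malformed (error), anything else is simply no match. */
static int infoflow_match(const char *lsmrule)
{
    if (strcmp(lsmrule, "infoflow:tcb") == 0)
        return 1;
    return strncmp(lsmrule, "infoflow:", 9) == 0 ? -1 : 0;
}

static const struct lsm_hook hooks[] = {
    { "selinux",  selinux_match },
    { "infoflow", infoflow_match },
};
#define NHOOKS (sizeof(hooks) / sizeof(hooks[0]))

/* call_int_hook() style: stop at the first non-zero result, so a 1 from
 * one module is returned without consulting the modules after it. */
int match_first_nonzero(const char *lsmrule)
{
    for (size_t i = 0; i < NHOOKS; i++) {
        int rc = hooks[i].match(lsmrule);
        if (rc != 0)
            return rc;
    }
    return 0;
}

/* call_int_hook_and() as the patch proposes: 1 only if every LSM says 1. */
int match_all(const char *lsmrule)
{
    int result = 1;
    for (size_t i = 0; i < NHOOKS; i++) {
        int rc = hooks[i].match(lsmrule);
        if (rc < 0)
            return rc;      /* an error always wins */
        if (rc == 0)
            result = 0;     /* one "no" loses the audit record */
    }
    return result;
}

/* The OR semantics from the review: audit if any module wants it. */
int match_any(const char *lsmrule)
{
    int result = 0;
    for (size_t i = 0; i < NHOOKS; i++) {
        int rc = hooks[i].match(lsmrule);
        if (rc < 0)
            return rc;
        if (rc == 1)
            result = 1;
    }
    return result;
}

/* Prefix routing from the reply: pick the module named before the ':'
 * ("infoflow:tcb" -> Infoflow only); NULL if no module has that name. */
const struct lsm_hook *route(const char *lsmrule)
{
    const char *colon = strchr(lsmrule, ':');
    if (!colon)
        return NULL;
    size_t plen = (size_t)(colon - lsmrule);

    for (size_t i = 0; i < NHOOKS; i++)
        if (strlen(hooks[i].lsm) == plen &&
            strncmp(hooks[i].lsm, lsmrule, plen) == 0)
            return &hooks[i];
    return NULL;
}

/* Evaluate the rule with its named module only; -1 (error) when the
 * prefix is missing or names no module, like a malformed lsmrule. */
int match_by_prefix(const char *lsmrule)
{
    const struct lsm_hook *h = route(lsmrule);
    return h ? h->match(lsmrule) : -1;
}
```

Run against the rule from the reply, "infoflow:tcb", the AND version returns 0 because the toy SELinux answers 0, the OR version returns 1, and the prefix-routed version returns 1 while calling only the Infoflow hook; a malformed "infoflow:bogus" propagates the error (-1) under every policy, and a rule with no recognised prefix is rejected by the router before any hook runs.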
