[PATCH 4/5] LSM: Define SELinux function to measure security state

Stephen Smalley stephen.smalley.work at gmail.com
Mon Jun 15 12:15:13 UTC 2020


On Mon, Jun 15, 2020 at 7:57 AM Stephen Smalley
<stephen.smalley.work at gmail.com> wrote:
> I think I mentioned this on a previous version of these patches, but I
> would recommend including more than just the enabled and enforcing
> states in your measurement.  Other low-hanging fruit would be the
> other selinux_state booleans (checkreqprot, initialized,
> policycap[0..__POLICYDB_CAPABILITY_MAX]).  Going a bit further one
> could take a hash of the loaded policy by using security_read_policy()

On second thought, you probably a variant of security_read_policy()
since it would be a kernel-internal allocation and thus shouldn't use
vmalloc_user().

> and then computing a hash using whatever hash ima prefers over the
> returned data,len pair.  You likely also need to think about how to
> allow future extensibility of the state in a backward-compatible
> manner, so that future additions do not immediately break systems
> relying on older measurements.



More information about the Linux-security-module-archive mailing list