1What: security/ima/policy 2Date: May 2008 3Contact: Mimi Zohar <zohar@us.ibm.com> 4Description: 5 The Trusted Computing Group(TCG) runtime Integrity 6 Measurement Architecture(IMA) maintains a list of hash 7 values of executables and other sensitive system files 8 loaded into the run-time of this system. At runtime, 9 the policy can be constrained based on LSM specific data. 10 Policies are loaded into the securityfs file ima/policy 11 by opening the file, writing the rules one at a time and 12 then closing the file. The new policy takes effect after 13 the file ima/policy is closed. 14 15 IMA appraisal, if configured, uses these file measurements 16 for local measurement appraisal. 17 18 rule format: action [condition ...] 19 20 action: measure | dont_measure | appraise | dont_appraise | audit 21 condition:= base | lsm 22 base: [[func=] [mask=] [fsmagic=] [uid=] [fowner]] 23 lsm: [[subj_user=] [subj_role=] [subj_type=] 24 [obj_user=] [obj_role=] [obj_type=]] 25 26 base: func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK][MODULE_CHECK] 27 mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC] 28 fsmagic:= hex value 29 uid:= decimal value 30 fowner:=decimal value 31 lsm: are LSM specific 32 33 default policy: 34 # PROC_SUPER_MAGIC 35 dont_measure fsmagic=0x9fa0 36 dont_appraise fsmagic=0x9fa0 37 # SYSFS_MAGIC 38 dont_measure fsmagic=0x62656572 39 dont_appraise fsmagic=0x62656572 40 # DEBUGFS_MAGIC 41 dont_measure fsmagic=0x64626720 42 dont_appraise fsmagic=0x64626720 43 # TMPFS_MAGIC 44 dont_measure fsmagic=0x01021994 45 dont_appraise fsmagic=0x01021994 46 # RAMFS_MAGIC 47 dont_measure fsmagic=0x858458f6 48 dont_appraise fsmagic=0x858458f6 49 # SECURITYFS_MAGIC 50 dont_measure fsmagic=0x73636673 51 dont_appraise fsmagic=0x73636673 52 53 measure func=BPRM_CHECK 54 measure func=FILE_MMAP mask=MAY_EXEC 55 measure func=FILE_CHECK mask=MAY_READ uid=0 56 measure func=MODULE_CHECK uid=0 57 appraise fowner=0 58 59 The default policy measures all executables in bprm_check, 60 all files mmapped executable in file_mmap, and all files 61 open for read by root in do_filp_open. The default appraisal 62 policy appraises all files owned by root. 63 64 Examples of LSM specific definitions: 65 66 SELinux: 67 # SELINUX_MAGIC 68 dont_measure fsmagic=0xf97cff8c 69 dont_appraise fsmagic=0xf97cff8c 70 71 dont_measure obj_type=var_log_t 72 dont_appraise obj_type=var_log_t 73 dont_measure obj_type=auditd_log_t 74 dont_appraise obj_type=auditd_log_t 75 measure subj_user=system_u func=FILE_CHECK mask=MAY_READ 76 measure subj_role=system_r func=FILE_CHECK mask=MAY_READ 77 78 Smack: 79 measure subj_user=_ func=FILE_CHECK mask=MAY_READ 80