From: Roberto S. <rob...@po...> - 2010-04-14 09:52:37
Description of the issue:
There is a variety of criteria that can be used to determine if a file must be
measured or not; a useful feature of recent versions of IMA is the ability
to make measurement decisions depending on the label assigned by a "Mandatory
Access Control" to a process which is accessing a file or depending on the
object label itself.
In general these data, i.e. the subject and the object labels, can be used
during the "Remote Attestation" by a verifier to better evaluate if a trust
relationship should be established with the remote peer: for example, if
it wants to check the integrity of only the sshd server, it can
examine the executable and libraries mapped in the process's assigned memory by
selecting, from the list of measurements with enhanced format, the rows
with subject label "sshd_t".
This is just one possible check that can be done: to evaluate the integrity
of a generic software component, the verifier must know what Mandatory Access
Control is being executed on the remote system and the related policy, since
the latter is where labels and rules are defined.
The current format of the measurement list is:
| PCR extended | template digest | ima | event digest | event name |
Solution proposed:
The new format proposed adds two new fields:
| PCR extended | template digest | ima | event digest | event name | subject label | object label |
The added data is retrieved in "ima_store_measurement" by calling the function
"security_secid_to_secctx".
Since the template digest is obtained by computing the SHA1 of "event digest"
and "event name", in the patched code the two added fields have also been
included in the hash operation.
This patch set applies to kernel 2.6.32 series and 2.6.33 series.
Roberto Sassu (1):
ima: extending the format of the measurement list
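
The verifier-side check described in the message, as an added example that is not part of the original post or patch: it parses the proposed seven-field list, recomputes each template digest, replays the PCR and selects rows by subject label. The function names, the sample rows and the byte layout fed to SHA1 (fields in list order, strings NUL-terminated) are assumptions, since the message does not show the patched layout.

```python
import hashlib

def template_digest(event_digest_hex, name, subj, obj):
    # ASSUMPTION: fields are hashed in list order, strings NUL-terminated.
    # The patched kernel's exact byte layout is not shown in the message.
    h = hashlib.sha1(bytes.fromhex(event_digest_hex))
    for field in (name, subj, obj):
        h.update(field.encode() + b"\0")
    return h.hexdigest()

def make_row(content, name, subj, obj):
    # Builds one constructed sample row in the proposed 7-field format.
    ed = hashlib.sha1(content).hexdigest()
    return f"10 {template_digest(ed, name, subj, obj)} ima {ed} {name} {subj} {obj}"

def verify(rows, subject=None):
    """Replay the list. Returns (PCR hex, rows matching subject, bad row indexes)."""
    pcr, selected, bad = bytes(20), [], []   # replay starts from an all-zero PCR
    for i, row in enumerate(rows):
        # Assumes no whitespace inside the event name or the labels.
        _pcr_idx, tdigest, _tmpl, edigest, name, subj, obj = row.split()
        if template_digest(edigest, name, subj, obj) != tdigest:
            bad.append(i)          # a field covered by the digest was altered
        # TPM 1.2 extend: PCR_new = SHA1(PCR_old || template digest)
        pcr = hashlib.sha1(pcr + bytes.fromhex(tdigest)).digest()
        if subject is None or subj == subject:
            selected.append((name, edigest, obj))
    return pcr.hex(), selected, bad

# Constructed sample list (labels and file contents are made up).
SAMPLE = [
    make_row(b"init", "/sbin/init", "init_t", "init_exec_t"),
    make_row(b"sshd", "/usr/sbin/sshd", "sshd_t", "sshd_exec_t"),
    make_row(b"libc", "/lib/libc.so.6", "sshd_t", "lib_t"),
    make_row(b"bash", "/bin/bash", "unconfined_t", "shell_exec_t"),
]

if __name__ == "__main__":
    pcr, sshd_rows, bad = verify(SAMPLE, subject="sshd_t")
    print("replayed PCR:", pcr)
    print("sshd_t rows:", sshd_rows, "mismatches:", bad)
    # Row 3 relabelled as sshd_t without a matching template digest.
    forged = SAMPLE[:3] + [SAMPLE[3].replace("unconfined_t", "sshd_t")]
    print("forged list mismatches:", verify(forged, "sshd_t")[2])
```

The replayed PCR is identical for the relabelled list because only template digests are extended into it; the label change is caught only when the verifier recomputes each template digest, which is why the labels have to be part of the hashed data.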