From: Stephen Smalley
Date: Mon, 15 Jun 2020 08:15:13 -0400
Subject: Re: [PATCH 4/5] LSM: Define SELinux function to measure security state
To: Lakshmi Ramasubramanian
Cc: Mimi Zohar, Stephen Smalley, Casey Schaufler, James Morris, linux-integrity@vger.kernel.org, LSM List, linux-kernel
References: <20200613024130.3356-1-nramas@linux.microsoft.com> <20200613024130.3356-5-nramas@linux.microsoft.com>
List-ID: linux-kernel@vger.kernel.org

On Mon, Jun 15, 2020 at 7:57 AM Stephen Smalley wrote:
> I think I mentioned this on a previous version of these patches, but I
> would recommend including more than just the enabled and enforcing
> states in your measurement. Other low-hanging fruit would be the
> other selinux_state booleans (checkreqprot, initialized,
> policycap[0..__POLICYDB_CAPABILITY_MAX]). Going a bit further one
> could take a hash of the loaded policy by using security_read_policy()

On second thought, you probably want a variant of security_read_policy()
since it would be a kernel-internal allocation and thus shouldn't use
vmalloc_user().

> and then computing a hash using whatever hash ima prefers over the
> returned data,len pair. You likely also need to think about how to
> allow future extensibility of the state in a backward-compatible
> manner, so that future additions do not immediately break systems
> relying on older measurements.
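The extensibility concern in the quoted text, as an added example that is not part of this thread or of the kernel patches under review: a user-space Python model of a self-describing, append-only measurement record carrying the selinux_state booleans the message names (enabled, enforcing, checkreqprot, initialized, the policycap array) plus a digest over the policy bytes, together with a verifier that only knows the first record version and therefore has to tolerate fields appended later. The `key=value;` layout, the `version` and `future_field` keys, the policycap bit values and the sample policy bytes are all assumptions constructed for the example, not anything the kernel emits.

```python
"""Added example, not kernel code: a self-describing, append-only encoding of the
SELinux state fields named in the thread, with a digest of the policy bytes, and a
verifier that tolerates fields added by a later record version."""
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed sample inputs: stand-ins for selinux_state and for the (data, len) pair a
# kernel-internal policy-read helper would return. Not a real binary policy.
SAMPLE_POLICY_BLOB = b"\x8c\xff\x7c\xf9constructed policy bytes for the example"
SAMPLE_STATE: Dict[str, object] = {
    "enabled": 1,
    "enforcing": 1,
    "checkreqprot": 0,
    "initialized": 1,
    # policycap[0..N] as an ordered list of booleans. Only the order is fixed
    # (append-only); the values here are constructed.
    "policycap": [1, 1, 1, 0, 1, 0],
}

RECORD_VERSION = 1
# Fixed, append-only field order: a later version may add fields after these, never
# reorder or remove them, so a parser written for v1 still finds what it expects.
V1_FIELDS = ("enabled", "enforcing", "checkreqprot", "initialized")


def policy_digest(data: bytes) -> str:
    """Digest over the policy bytes, prefixed with the algorithm so it can change later."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def build_record(state: Dict[str, object], policy: bytes,
                 extra: Optional[Dict[str, str]] = None) -> bytes:
    """Serialize the state as 'key=value;' pairs: version first, v1 fields, then extras."""
    parts = ["version=%d" % RECORD_VERSION]
    for name in V1_FIELDS:
        parts.append("%s=%d" % (name, 1 if state[name] else 0))
    parts.append("policycap=" + "".join("1" if b else "0" for b in state["policycap"]))
    parts.append("policy=" + policy_digest(policy))
    for key, value in (extra or {}).items():   # fields a newer record version appends
        parts.append("%s=%s" % (key, value))
    return (";".join(parts) + ";").encode()


def parse_record(record: bytes) -> Dict[str, str]:
    """Split a record into its fields; unknown keys are kept, not rejected."""
    fields: Dict[str, str] = {}
    for item in record.decode().split(";"):
        if not item:
            continue
        key, sep, value = item.partition("=")
        if not sep:
            raise ValueError("malformed field: %r" % item)
        fields[key] = value
    return fields


def check_v1(record: bytes, expected: Dict[str, object],
             expected_policy: bytes) -> Tuple[bool, List[str]]:
    """A verifier that only knows v1: checks the v1 fields, ignores anything newer."""
    fields = parse_record(record)
    problems: List[str] = []
    if int(fields.get("version", "0")) < RECORD_VERSION:
        problems.append("version")
    for name in V1_FIELDS:
        if fields.get(name) != ("1" if expected[name] else "0"):
            problems.append(name)
    # policycap may grow at the end; compare only the prefix this verifier knows about.
    want_caps = "".join("1" if b else "0" for b in expected["policycap"])
    if not fields.get("policycap", "").startswith(want_caps):
        problems.append("policycap")
    if fields.get("policy") != policy_digest(expected_policy):
        problems.append("policy")
    return (not problems, problems)


def record_digest(record: bytes) -> str:
    """What a measurement log entry would carry as the digest of the whole buffer."""
    return hashlib.sha256(record).hexdigest()


def demo() -> Dict[str, object]:
    """Build a v1 record, a newer record with an appended field and one more policycap
    bit, and a tampered copy, then run the v1 verifier over all three."""
    v1 = build_record(SAMPLE_STATE, SAMPLE_POLICY_BLOB)
    newer_state = dict(SAMPLE_STATE)
    newer_state["policycap"] = list(SAMPLE_STATE["policycap"]) + [1]
    # "future_field" is a placeholder name for something a later kernel might add.
    v2 = build_record(newer_state, SAMPLE_POLICY_BLOB, {"future_field": "1"})
    tampered = v1.replace(b"enforcing=1", b"enforcing=0")
    return {
        "v1_ok": check_v1(v1, SAMPLE_STATE, SAMPLE_POLICY_BLOB),
        "v2_ok_under_v1_verifier": check_v1(v2, SAMPLE_STATE, SAMPLE_POLICY_BLOB),
        "tampered": check_v1(tampered, SAMPLE_STATE, SAMPLE_POLICY_BLOB),
        "digests_differ": record_digest(v1) != record_digest(v2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The design point the model makes: the whole-buffer digest changes whenever a field is appended, so a verifier that pins that digest breaks on every kernel addition, whereas a verifier that parses the recorded buffer and checks the fields it knows keeps working. The digest still covers the appended fields, so nothing in the record can be altered without the log entry changing; only the policy for deciding which fields matter lives in the verifier. The `policy=` digest carries its algorithm name for the same reason: the hash IMA prefers can change later without invalidating how older records are read.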