From: Stephen Smalley
Date: Mon, 15 Jun 2020 16:31:59 -0400
Subject: Re: [PATCH 4/5] LSM: Define SELinux function to measure security state
To: Lakshmi Ramasubramanian
Cc: Mimi Zohar, Stephen Smalley, Casey Schaufler, James Morris, linux-integrity@vger.kernel.org, LSM List, linux-kernel
References: <20200613024130.3356-1-nramas@linux.microsoft.com> <20200613024130.3356-5-nramas@linux.microsoft.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 15, 2020 at 12:45 PM Lakshmi Ramasubramanian wrote:
>
> On 6/15/20 4:57 AM, Stephen Smalley wrote:
> > I think I mentioned this on a previous version of these patches, but I
> > would recommend including more than just the enabled and enforcing
> > states in your measurement. Other low-hanging fruit would be the
> > other selinux_state booleans (checkreqprot, initialized,
> > policycap[0..__POLICYDB_CAPABILITY_MAX]). Going a bit further one
> > could take a hash of the loaded policy by using security_read_policy()
> > and then computing a hash using whatever hash ima prefers over the
> > returned data,len pair. You likely also need to think about how to
> > allow future extensibility of the state in a backward-compatible
> > manner, so that future additions do not immediately break systems
> > relying on older measurements.
> >
>
> Sure - I will address this one in the next update.

Please add selinux list to the cc for future versions too.
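The three suggestions in the quoted review (measure the other selinux_state booleans, hash the loaded policy, and lay the record out so later kernels can add fields without breaking consumers that only know the older layout) as an added userspace C model. This is example code written for this page, not kernel code and not part of the patch series. The tag/length record layout, the tag numbers, POLICYCAP_MAX standing in for __POLICYDB_CAPABILITY_MAX, the constructed policy blob standing in for security_read_policy() output, and the FNV-1a stand-in for the IMA-configured hash are all assumptions made for illustration.

```c
/* Added example: a self-describing, versioned record of SELinux state.
 * Not kernel code. Layout, tags and the FNV-1a stand-in hash are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Record: u16 version | u16 total_len | { u16 tag | u16 len | value[len] }*
 * Integers are serialised little-endian by hand so the layout is fixed. */
enum sel_tag {
    TAG_ENABLED      = 1,
    TAG_ENFORCING    = 2,
    TAG_CHECKREQPROT = 3,
    TAG_INITIALIZED  = 4,
    TAG_POLICYCAP    = 5,   /* one byte per policy capability slot */
    TAG_POLICY_HASH  = 6,   /* digest of the loaded policy blob */
    TAG_FUTURE       = 7,   /* hypothetical field a later kernel might add */
};

#define POLICYCAP_MAX 7     /* assumption: stands in for __POLICYDB_CAPABILITY_MAX */
#define MAX_RECORD    256

struct sel_state {
    uint8_t enabled, enforcing, checkreqprot, initialized;
    uint8_t policycap[POLICYCAP_MAX];
    uint8_t policy_hash[8];
};

/* Stand-in for the IMA-configured hash: 64-bit FNV-1a. Not cryptographic. */
static uint64_t fnv1a64(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

static void put_u16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static uint16_t get_u16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

static size_t put_tlv(uint8_t *buf, size_t off, uint16_t tag, const void *val, uint16_t len)
{
    put_u16(buf + off, tag);
    put_u16(buf + off + 2, len);
    memcpy(buf + off + 4, val, len);
    return off + 4 + len;
}

/* Serialise the state. add_future emulates a newer kernel appending a tag
 * that this generation's parser does not know about. Returns record length. */
static size_t encode_state(const struct sel_state *s, int add_future, uint8_t *buf)
{
    size_t off = 4;
    uint8_t future = 1;

    off = put_tlv(buf, off, TAG_ENABLED, &s->enabled, 1);
    off = put_tlv(buf, off, TAG_ENFORCING, &s->enforcing, 1);
    off = put_tlv(buf, off, TAG_CHECKREQPROT, &s->checkreqprot, 1);
    off = put_tlv(buf, off, TAG_INITIALIZED, &s->initialized, 1);
    off = put_tlv(buf, off, TAG_POLICYCAP, s->policycap, POLICYCAP_MAX);
    off = put_tlv(buf, off, TAG_POLICY_HASH, s->policy_hash, sizeof s->policy_hash);
    if (add_future)
        off = put_tlv(buf, off, TAG_FUTURE, &future, 1);
    put_u16(buf, add_future ? 2 : 1);      /* version */
    put_u16(buf + 2, (uint16_t)off);       /* total length */
    return off;
}

/* Parse the tags this generation knows, skip unknown ones, and reject any
 * record whose declared length or entry lengths do not fit. 0 on success. */
static int decode_state(const uint8_t *buf, size_t len, struct sel_state *out)
{
    size_t off = 4;
    memset(out, 0, sizeof *out);
    if (len < 4 || get_u16(buf + 2) != len) return -1;
    while (off + 4 <= len) {
        uint16_t tag = get_u16(buf + off), l = get_u16(buf + off + 2);
        const uint8_t *v = buf + off + 4;
        if (off + 4 + l > len) return -1;
        switch (tag) {
        case TAG_ENABLED:      if (l == 1) out->enabled = v[0]; break;
        case TAG_ENFORCING:    if (l == 1) out->enforcing = v[0]; break;
        case TAG_CHECKREQPROT: if (l == 1) out->checkreqprot = v[0]; break;
        case TAG_INITIALIZED:  if (l == 1) out->initialized = v[0]; break;
        case TAG_POLICYCAP:    memcpy(out->policycap, v, l < POLICYCAP_MAX ? l : POLICYCAP_MAX); break;
        case TAG_POLICY_HASH:  if (l == sizeof out->policy_hash) memcpy(out->policy_hash, v, l); break;
        default: break;        /* unknown tag: tolerated, not fatal */
        }
        off += 4 + l;
    }
    return off == len ? 0 : -1;
}

/* Constructed sample: an enforcing system with three policy capabilities set.
 * The blob stands in for the data,len pair returned by security_read_policy(). */
static struct sel_state sample_state(void)
{
    static const char policy_blob[] = "constructed stand-in for the loaded policy";
    struct sel_state s = { .enabled = 1, .enforcing = 1, .checkreqprot = 0,
                           .initialized = 1, .policycap = { 1, 1, 1 } };
    uint64_t h = fnv1a64(policy_blob, sizeof policy_blob - 1);
    memcpy(s.policy_hash, &h, sizeof h);   /* host byte order, in-process only */
    return s;
}

/* The value an IMA-like consumer would log: a digest over the whole record. */
static uint64_t measure_state(const struct sel_state *s, int add_future)
{
    uint8_t buf[MAX_RECORD];
    size_t n = encode_state(s, add_future, buf);
    return fnv1a64(buf, n);
}

int main(void)
{
    struct sel_state s = sample_state(), back;
    uint8_t buf[MAX_RECORD];
    size_t n = encode_state(&s, 1, buf);   /* record from a "newer" kernel */

    printf("record v%u, %zu bytes, measurement %016llx\n",
           (unsigned)get_u16(buf), n, (unsigned long long)measure_state(&s, 1));
    if (decode_state(buf, n, &back) == 0)
        printf("older parser still reads enforcing=%u\n", back.enforcing);
    s.enforcing = 0;
    printf("permissive measurement %016llx\n", (unsigned long long)measure_state(&s, 1));
    return 0;
}
```

The point the parser makes is the backward-compatibility one: a consumer built against the version 1 tag set reads a version 2 record (with TAG_FUTURE appended) and gets the same enabled/enforcing/checkreqprot/initialized/policycap/policy-hash values, while a record whose declared length does not match what was handed in is rejected rather than partially parsed. Any change in the measured state, here flipping enforcing, changes the digest of the encoded record, which is what an attestation verifier would compare against a known-good value.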