Re: [PATCH 4/5] LSM: Define SELinux function to measure security state
From: Stephen Smalley
Date: Mon Jun 15 2020 - 08:15:27 EST
On Mon, Jun 15, 2020 at 7:57 AM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
> I think I mentioned this on a previous version of these patches, but I
> would recommend including more than just the enabled and enforcing
> states in your measurement. Other low-hanging fruit would be the
> other selinux_state booleans (checkreqprot, initialized,
> policycap[0..__POLICYDB_CAPABILITY_MAX]). Going a bit further one
> could take a hash of the loaded policy by using security_read_policy()
On second thought, you probably a variant of security_read_policy()
since it would be a kernel-internal allocation and thus shouldn't use
vmalloc_user().
> and then computing a hash using whatever hash ima prefers over the
> returned data,len pair. You likely also need to think about how to
> allow future extensibility of the state in a backward-compatible
> manner, so that future additions do not immediately break systems
> relying on older measurements.