ARM: Merge next-samsung-s3c2443-clock
[linux-2.6.git] / Documentation / ABI / testing / ima_policy
1 What:           security/ima/policy
2 Date:           May 2008
3 Contact:        Mimi Zohar <zohar@us.ibm.com>
4 Description:
5                 The Trusted Computing Group(TCG) runtime Integrity
6                 Measurement Architecture(IMA) maintains a list of hash
7                 values of executables and other sensitive system files
8                 loaded into the run-time of this system.  At runtime,
9                 the policy can be constrained based on LSM specific data.
10                 Policies are loaded into the securityfs file ima/policy
11                 by opening the file, writing the rules one at a time and
12                 then closing the file.  The new policy takes effect after
13                 the file ima/policy is closed.
14
15                 rule format: action [condition ...]
16
17                 action: measure | dont_measure
18                 condition:= base | lsm
19                         base:   [[func=] [mask=] [fsmagic=] [uid=]]
20                         lsm:    [[subj_user=] [subj_role=] [subj_type=]
21                                  [obj_user=] [obj_role=] [obj_type=]]
22
23                 base:   func:= [BPRM_CHECK][FILE_MMAP][INODE_PERMISSION]
24                         mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
25                         fsmagic:= hex value
26                         uid:= decimal value
27                 lsm:    are LSM specific
28
29                 default policy:
30                         # PROC_SUPER_MAGIC
31                         dont_measure fsmagic=0x9fa0
32                         # SYSFS_MAGIC
33                         dont_measure fsmagic=0x62656572
34                         # DEBUGFS_MAGIC
35                         dont_measure fsmagic=0x64626720
36                         # TMPFS_MAGIC
37                         dont_measure fsmagic=0x01021994
38                         # SECURITYFS_MAGIC
39                         dont_measure fsmagic=0x73636673
40
41                         measure func=BPRM_CHECK
42                         measure func=FILE_MMAP mask=MAY_EXEC
43                         measure func=INODE_PERM mask=MAY_READ uid=0
44
45                 The default policy measures all executables in bprm_check,
46                 all files mmapped executable in file_mmap, and all files
47                 open for read by root in inode_permission.
48
49                 Examples of LSM specific definitions:
50
51                 SELinux:
52                         # SELINUX_MAGIC
53                         dont_measure fsmagic=0xF97CFF8C
54
55                         dont_measure obj_type=var_log_t
56                         dont_measure obj_type=auditd_log_t
57                         measure subj_user=system_u func=INODE_PERM mask=MAY_READ
58                         measure subj_role=system_r func=INODE_PERM mask=MAY_READ
59
60                 Smack:
61                         measure subj_user=_ func=INODE_PERM mask=MAY_READ