1. 02 11月, 2011 1 次提交
  2. 17 5月, 2010 1 次提交
  3. 07 5月, 2010 1 次提交
  4. 05 5月, 2010 1 次提交
  5. 25 10月, 2009 1 次提交
  6. 13 2月, 2009 1 次提交
    • R
      ima: fix build error · b53fab9d
      Randy Dunlap 提交于
      IMA_LSM_RULES requires AUDIT.  This is automatic if SECURITY_SELINUX=y
      but not when SECURITY_SMACK=y (and SECURITY_SELINUX=n), so make the
      dependency explicit.  This fixes the following build error:
      
      security/integrity/ima/ima_policy.c:111:error: implicit declaration of function 'security_audit_rule_match'
      security/integrity/ima/ima_policy.c:230:error: implicit declaration of function 'security_audit_rule_init'
      Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Acked-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      b53fab9d
  7. 06 2月, 2009 2 次提交
    • M
      integrity: IMA policy · 4af4662f
      Mimi Zohar 提交于
      Support for a user loadable policy through securityfs
      with support for LSM specific policy data.
      - free invalid rule in ima_parse_add_rule()
      Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
      Acked-by: NSerge Hallyn <serue@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      4af4662f
    • M
      integrity: IMA as an integrity service provider · 3323eec9
      Mimi Zohar 提交于
      IMA provides hardware (TPM) based measurement and attestation for
      file measurements. As the Trusted Computing (TPM) model requires,
      IMA measures all files before they are accessed in any way (on the
      integrity_bprm_check, integrity_path_check and integrity_file_mmap
      hooks), and commits the measurements to the TPM. Once added to the
      TPM, measurements can not be removed.
      
      In addition, IMA maintains a list of these file measurements, which
      can be used to validate the aggregate value stored in the TPM.  The
      TPM can sign these measurements, and thus the system can prove, to
      itself and to a third party, the system's integrity in a way that
      cannot be circumvented by malicious or compromised software.
      
      - alloc ima_template_entry before calling ima_store_template()
      - log ima_add_boot_aggregate() failure
      - removed unused IMA_TEMPLATE_NAME_LEN
      - replaced hard coded string length with #define name
      Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
      Signed-off-by: NJames Morris <jmorris@namei.org>
      3323eec9