[RFC PATCH v8 06/17] uapi|audit: add ipe audit message definitions

[RFC PATCH v8 00/17] Integrity Policy Enforcement LSM (IPE) · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 06/17] uapi|audit: add ipe audit message definitions · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 01/17] security: add ipe lsm & initial context creation · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 04/17] ipe: add userspace interface · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 10/17] block|security: add LSM blob to block_device · Deven Bowers <hidden> · 2022-06-08
Re: [RFC PATCH v8 10/17] block|security: add LSM blob to block_device · Casey Schaufler <casey@schaufler-ca.com> · 2022-06-08
Re: [RFC PATCH v8 10/17] block|security: add LSM blob to block_device · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 07/17] ipe: add auditing support · Deven Bowers <hidden> · 2022-06-08
Re: [RFC PATCH v8 07/17] ipe: add auditing support · Paul Moore <paul@paul-moore.com> · 2022-06-15
Re: [RFC PATCH v8 07/17] ipe: add auditing support · Tyler Hicks <code@tyhicks.com> · 2022-08-09
[RFC PATCH v8 08/17] ipe: add permissive toggle · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 09/17] ipe: introduce 'boot_verified' as a trust provider · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 02/17] ipe: add policy parser · Deven Bowers <hidden> · 2022-06-08
Re: [RFC PATCH v8 02/17] ipe: add policy parser · Paul Moore <paul@paul-moore.com> · 2022-06-15
[RFC PATCH v8 14/17] ipe: enable support for fs-verity as a trust provider · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 17/17] documentation: add ipe documentation · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 15/17] scripts: add boot policy generation program · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 13/17] fsverity: consume builtin signature via LSM hook · Deven Bowers <hidden> · 2022-06-08
Re: [RFC PATCH v8 13/17] fsverity: consume builtin signature via LSM hook · Eric Biggers <ebiggers@kernel.org> · 2022-06-09
[RFC PATCH v8 12/17] ipe: add support for dm-verity as a trust provider · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 16/17] ipe: kunit tests · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 11/17] dm-verity: consume root hash digest and signature data via LSM hook · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 05/17] ipe: add LSM hooks on execution and kernel read · Deven Bowers <hidden> · 2022-06-08
[RFC PATCH v8 03/17] ipe: add evaluation loop · Deven Bowers <hidden> · 2022-06-08
Re: [RFC PATCH v8 00/17] Integrity Policy Enforcement LSM (IPE) · Matthew Wilcox <willy@infradead.org> · 2022-06-08
Re: [RFC PATCH v8 00/17] Integrity Policy Enforcement LSM (IPE) · Deven Bowers <hidden> · 2022-06-08

STALE1416d

Revisions (8)

2020-04-06 v1 [diff vs current]
2020-04-06 resend [diff vs current]
2020-04-06 v2 [diff vs current]
2020-04-15 v3 [diff vs current]
2020-07-17 v4 [diff vs current]
2020-07-28 v5 [diff vs current]
2020-07-30 v6 [diff vs current]
2022-06-08 v8 current

From: Deven Bowers <hidden>
Date: 2022-06-08 19:02:01
Also in: dm-devel, linux-block, linux-doc, linux-fscrypt, linux-integrity, lkml
Subsystem: audit subsystem, the rest · Maintainers: Paul Moore, Eric Paris, Linus Torvalds

Introduce new definitions to audit.h centered around trust
decisions and policy loading and activation, as an extension
of the mandatory access control fields.

Signed-off-by: Deven Bowers <redacted>

---
v2:
  + Split evaluation loop, access control hooks,
    and evaluation loop from policy parser and userspace
    interface to pass mailing list character limit

v3:
  + Move ipe_load_properties to patch 04.
  + Remove useless 0-initializations
  + Prefix extern variables with ipe_
  + Remove kernel module parameters, as these are
    exposed through sysctls.
  + Add more prose to the IPE base config option
    help text.
  + Use GFP_KERNEL for audit_log_start.
  + Remove unnecessary caching system.
  + Remove comments from headers
  + Use rcu_access_pointer for rcu-pointer null check
  + Remove usage of reqprot; use prot only.
  + Move policy load and activation audit event to 03/12

v4:
  + Remove sysctls in favor of securityfs nodes
  + Re-add kernel module parameters, as these are now
    exposed through securityfs.
  + Refactor property audit loop to a separate function.

v5:
  + fix minor grammatical errors
  + do not group rule by curly-brace in audit record,
    reconstruct the exact rule.

v6:
  + No changes

v7:
  + Further split audit system patch into two separate patches; one
    for include/uapi, and the usage of the new defines.

  + Change audit records to MAC region (14XX) from
    Integrity region (18XX), as IPE is an effectively a MAC system
    around authenticity versus an extension to the integrity subsystem.

  + Generalize the #defines to support the class of trust-based
    access-control LSMs.

v8:
  + Change audit type:
    + AUDIT_TRUST_RESULT -> AUDIT_IPE_ACCESS

  + Remove audit types (replaced by existing types):
    + AUDIT_TRUST_POLICY_LOAD
    + AUDIT_TRUST_POLICY_ACTIVATE
    + AUDIT_TRUST_STATUS
---
 include/uapi/linux/audit.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index 7c1dc818b1d5..78b9a04d5b41 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h

@@ -143,6 +143,7 @@
 #define AUDIT_MAC_UNLBL_STCDEL	1417	/* NetLabel: del a static label */
 #define AUDIT_MAC_CALIPSO_ADD	1418	/* NetLabel: add CALIPSO DOI entry */
 #define AUDIT_MAC_CALIPSO_DEL	1419	/* NetLabel: del CALIPSO DOI entry */
+#define AUDIT_IPE_ACCESS	1420	/* IPE Denial or Grant */
 
 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG    1799

-- 
2.25.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help