On Jun 28, 2023 Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote: > > Integrity Policy Enforcement (IPE) is an LSM that provides an > complimentary approach to Mandatory Access Control than existing LSMs > today. > > Existing LSMs have centered around the concept of access to a resource > should be controlled by the current user's credentials. IPE's approach, > is that access to a resource should be controlled by the system's trust > of a current resource. > > The basis of this approach is defining a global policy to specify which > resource can be trusted. > > Signed-off-by: Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> > --- > MAINTAINERS | 7 +++++++ > security/Kconfig | 11 ++++++----- > security/Makefile | 1 + > security/ipe/Kconfig | 17 +++++++++++++++++ > security/ipe/Makefile | 10 ++++++++++ > security/ipe/ipe.c | 37 +++++++++++++++++++++++++++++++++++++ > security/ipe/ipe.h | 16 ++++++++++++++++ > 7 files changed, 94 insertions(+), 5 deletions(-) > create mode 100644 security/ipe/Kconfig > create mode 100644 security/ipe/Makefile > create mode 100644 security/ipe/ipe.c > create mode 100644 security/ipe/ipe.h ... > diff --git a/MAINTAINERS b/MAINTAINERS > index a82795114ad4..ad00887d38ea 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -10278,6 +10278,13 @@ T: git git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git > F: security/integrity/ > F: security/integrity/ima/ > > +INTEGRITY POLICY ENFORCEMENT (IPE) > +M: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> > +L: linux-security-module@xxxxxxxxxxxxxxx > +S: Supported > +T: git git://github.com/microsoft/ipe.git Using the raw git protocol doesn't seem to work with GH, I think you need to refernce the git/https URL: https://github.com/microsoft/ipe.git > +F: security/ipe/ > + > INTEL 810/815 FRAMEBUFFER DRIVER > M: Antonino Daplas <adaplas@xxxxxxxxx> > L: linux-fbdev@xxxxxxxxxxxxxxx > diff --git a/security/Kconfig b/security/Kconfig > index 97abeb9b9a19..daa4626ea99c 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -202,6 +202,7 @@ source "security/yama/Kconfig" > source "security/safesetid/Kconfig" > source "security/lockdown/Kconfig" > source "security/landlock/Kconfig" > +source "security/ipe/Kconfig" > > source "security/integrity/Kconfig" > > @@ -241,11 +242,11 @@ endchoice > > config LSM > string "Ordered list of enabled LSMs" > - default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf" if DEFAULT_SECURITY_SMACK > - default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf" if DEFAULT_SECURITY_APPARMOR > - default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf" if DEFAULT_SECURITY_TOMOYO > - default "landlock,lockdown,yama,loadpin,safesetid,bpf" if DEFAULT_SECURITY_DAC > - default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf" > + default "landlock,lockdown,yama,loadpin,safesetid,smack,selinux,tomoyo,apparmor,bpf,ipe" if DEFAULT_SECURITY_SMACK > + default "landlock,lockdown,yama,loadpin,safesetid,apparmor,selinux,smack,tomoyo,bpf,ipe" if DEFAULT_SECURITY_APPARMOR > + default "landlock,lockdown,yama,loadpin,safesetid,tomoyo,bpf,ipe" if DEFAULT_SECURITY_TOMOYO > + default "landlock,lockdown,yama,loadpin,safesetid,bpf,ipe" if DEFAULT_SECURITY_DAC > + default "landlock,lockdown,yama,loadpin,safesetid,selinux,smack,tomoyo,apparmor,bpf,ipe" Generally speaking the BPF LSM should be the last entry in the LSM list to help prevent issues caused by a BPF LSM returning an improper error and shortcutting a LSM after it. > help > A comma-separated list of LSMs, in initialization order. > Any LSMs left off this list, except for those with order ... > diff --git a/security/ipe/Makefile b/security/ipe/Makefile > new file mode 100644 > index 000000000000..571648579991 > --- /dev/null > +++ b/security/ipe/Makefile > @@ -0,0 +1,10 @@ > +# SPDX-License-Identifier: GPL-2.0 > +# > +# Copyright (C) Microsoft Corporation. All rights reserved. > +# > +# Makefile for building the IPE module as part of the kernel tree. > +# > + > +obj-$(CONFIG_SECURITY_IPE) += \ > + hooks.o \ > + ipe.o \ It doesn't look like security/ipe/hook.c is included in this patch. It is important to ensure that each patch compiles after it is applied. -- paul-moore.com
