ima: hooks for directory integrity protection

Both IMA-appraisal and EVM protect the integrity of regular files.
IMA protects file data integrity, while EVM protects the file meta-data
integrity, such as file attributes and extended attributes. This patch
set adds hooks for offline directory integrity protection.

An inode itself does not have any file name associated with it.  The
association of the file name to inode is done via directory entries.
On a running system, mandatory and/or discretionary access controls prevent
unprivileged file deletion, file name change, or hardlink creation.
In an offline attack, without these protections, the association between
a file name and an inode is unprotected. Files can be deleted, renamed
or moved from one directory to another one. In all of these cases,
the integrity of the file data and metadata is good.

To prevent such attacks, it is necessary to protect the integrity of directory
content.

This patch adds 2 new hooks for directory integrity protection:
  ima_dir_check() and ima_dir_update().

ima_dir_check() is called to verify the integrity of the directory during
the initial path lookup.

ima_dir_update() is called from several places in namei.c, when the directory
content is changing, for updating the directory hash.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
5 files changed
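
An added illustration (not code from this patch set) of the gap the commit message describes: a digest of a file's contents is unchanged by a rename, while a digest over the directory's name-to-inode bindings changes. The FNV-1a hash, the entry layout, and all function and file names here are assumptions; the directory hash format the patch uses is not shown on this page.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* expose scandir() and mkdtemp() */
#endif
#include <dirent.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FNV_INIT 0xcbf29ce484222325ULL
/* FNV-1a: non-cryptographic stand-in for a real digest (assumption). */
static uint64_t fnv1a(uint64_t h, const void *buf, size_t n) {
    const unsigned char *p = buf;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}
/* Digest of file contents only, as a per-file data hash would cover. */
uint64_t file_digest(const char *path) {
    unsigned char buf[4096]; size_t n; uint64_t h = FNV_INIT;
    FILE *f = fopen(path, "rb");
    while (f && (n = fread(buf, 1, sizeof buf, f)) > 0) h = fnv1a(h, buf, n);
    if (f) fclose(f);
    return h;
}
/* Digest of a directory's sorted name -> inode bindings (assumed layout). */
uint64_t dir_digest(const char *path) {
    struct dirent **ents; uint64_t h = FNV_INIT;
    int n = scandir(path, &ents, NULL, alphasort);
    for (int i = 0; i < n; i++) {
        h = fnv1a(h, ents[i]->d_name, strlen(ents[i]->d_name) + 1);
        h = fnv1a(h, &ents[i]->d_ino, sizeof ents[i]->d_ino);
        free(ents[i]);
    }
    if (n >= 0) free(ents);
    return h;
}
/* Returns 1 when a rename keeps the file digest but changes the dir digest. */
int rename_seen_only_by_dir_digest(void) {
    char dir[] = "/tmp/imadirXXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/policy.conf", dir);
    snprintf(b, sizeof b, "%s/policy.bak", dir);
    FILE *f = fopen(a, "w");
    if (!f || fputs("constructed sample data\n", f) < 0 || fclose(f)) return -1;
    uint64_t f0 = file_digest(a), d0 = dir_digest(dir);
    if (rename(a, b) != 0) return -1;
    uint64_t f1 = file_digest(b), d1 = dir_digest(dir);
    remove(b); remove(dir);
    return f0 == f1 && d0 != d1;
}
int main(void) { return rename_seen_only_by_dir_digest() == 1 ? 0 : 1; }
```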