git.kernel.dk Git - linux-2.6-block.git/commit

author	Nayna Jain <nayna@linux.ibm.com>
	Thu, 31 Oct 2019 03:31:30 +0000 (23:31 -0400)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Tue, 12 Nov 2019 01:25:50 +0000 (12:25 +1100)
commit	e14555e3d0e9edfad0a6840c0152f71aba97e793
tree	043793c6388f53a4efeac81e0b12242d3c083156	tree \| snapshot
parent	1917855f4e0658c313e280671ad87774dbfb7b24	commit \| diff

ima: Make process_buffer_measurement() generic

process_buffer_measurement() is limited to measuring the kexec boot
command line. This patch makes process_buffer_measurement() more
generic, allowing it to measure other types of buffer data (e.g.
blacklisted binary hashes or key hashes).

process_buffer_measurement() may be called directly from an IMA hook
or as an auxiliary measurement record. In both cases the buffer
measurement is based on policy. This patch modifies the function to
conditionally retrieve the policy defined PCR and template for the IMA
hook case.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
[zohar@linux.ibm.com: added comment in process_buffer_measurement()]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1572492694-6520-6-git-send-email-zohar@linux.ibm.com

security/integrity/ima/ima.h		diff \| blob \| blame \| history
security/integrity/ima/ima_main.c		diff \| blob \| blame \| history