summaryrefslogtreecommitdiffstats
path: root/security/integrity/ima/ima.h
diff options
context:
space:
mode:
authorNayna Jain <nayna@linux.ibm.com>2019-10-30 23:31:30 -0400
committerMichael Ellerman <mpe@ellerman.id.au>2019-11-12 12:25:50 +1100
commite14555e3d0e9edfad0a6840c0152f71aba97e793 (patch)
tree043793c6388f53a4efeac81e0b12242d3c083156 /security/integrity/ima/ima.h
parent1917855f4e0658c313e280671ad87774dbfb7b24 (diff)
ima: Make process_buffer_measurement() generic
process_buffer_measurement() is limited to measuring the kexec boot command line. This patch makes process_buffer_measurement() more generic, allowing it to measure other types of buffer data (e.g. blacklisted binary hashes or key hashes). process_buffer_measurement() may be called directly from an IMA hook or as an auxiliary measurement record. In both cases the buffer measurement is based on policy. This patch modifies the function to conditionally retrieve the policy defined PCR and template for the IMA hook case. Signed-off-by: Nayna Jain <nayna@linux.ibm.com> [zohar@linux.ibm.com: added comment in process_buffer_measurement()] Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/1572492694-6520-6-git-send-email-zohar@linux.ibm.com
Diffstat (limited to 'security/integrity/ima/ima.h')
-rw-r--r--security/integrity/ima/ima.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3689081aaf38..a65772ffa427 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -217,6 +217,9 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
struct evm_ima_xattr_data *xattr_value,
int xattr_len, const struct modsig *modsig, int pcr,
struct ima_template_desc *template_desc);
+void process_buffer_measurement(const void *buf, int size,
+ const char *eventname, enum ima_hooks func,
+ int pcr);
void ima_audit_measurement(struct integrity_iint_cache *iint,
const unsigned char *filename);
int ima_alloc_init_template(struct ima_event_data *event_data,
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-04 19:08:46 +0000