diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-21 17:08:06 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-21 17:08:06 -0800 |
| commit | d643a990891abdb0fd93ff3740a6f7222fbb756c (patch) | |
| tree | ba135c64ac4e8a8c54d3a7ab393f8d9db46a0430 /security/integrity/ima/ima_api.c | |
| parent | 23b6ba45f321bd5c4cddde4b8c85b3f71da3cdb8 (diff) | |
| parent | f6692213b5045dc461ce0858fb18cf46f328c202 (diff) | |
Merge tag 'integrity-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull IMA updates from Mimi Zohar:
"New is IMA support for measuring kernel critical data, as per usual
based on policy. The first example measures the in memory SELinux
policy. The second example measures the kernel version.
In addition are four bug fixes to address memory leaks and a missing
'static' function declaration"
* tag 'integrity-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
integrity: Make function integrity_add_key() static
ima: Free IMA measurement buffer after kexec syscall
ima: Free IMA measurement buffer on error
IMA: Measure kernel version in early boot
selinux: include a consumer of the new IMA critical data hook
IMA: define a builtin critical data measurement policy
IMA: extend critical data hook to limit the measurement based on a label
IMA: limit critical data measurement based on a label
IMA: add policy rule to measure critical data
IMA: define a hook to measure kernel integrity critical data
IMA: add support to measure buffer data hash
IMA: generalize keyring specific measurement constructs
evm: Fix memleak in init_desc
Diffstat (limited to 'security/integrity/ima/ima_api.c')
| -rw-r--r-- | security/integrity/ima/ima_api.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 4f39fb93f278..1dd70dc68ffd 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -170,13 +170,13 @@ err_out: * @func: caller identifier * @pcr: pointer filled in if matched measure policy sets pcr= * @template_desc: pointer filled in if matched measure policy sets template= - * @keyring: keyring name used to determine the action + * @func_data: func specific data, may be NULL * * The policy is defined in terms of keypairs: * subj=, obj=, type=, func=, mask=, fsmagic= * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK - * | KEXEC_CMDLINE | KEY_CHECK + * | KEXEC_CMDLINE | KEY_CHECK | CRITICAL_DATA * mask: contains the permission mask * fsmagic: hex value * @@ -186,14 +186,14 @@ err_out: int ima_get_action(struct inode *inode, const struct cred *cred, u32 secid, int mask, enum ima_hooks func, int *pcr, struct ima_template_desc **template_desc, - const char *keyring) + const char *func_data) { int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE | IMA_HASH; flags &= ima_policy_flag; return ima_match_policy(inode, cred, secid, func, mask, flags, pcr, - template_desc, keyring); + template_desc, func_data); } /* |