Re: [PATCH v9 5/8] ima: make process_buffer_measurement() generic


 



On 10/23/19 8:47 PM, Nayna Jain wrote:

Hi Nayna,

+void process_buffer_measurement(const void *buf, int size,
+				const char *eventname, enum ima_hooks func,
+				int pcr)
  {
  	int ret = 0;
  	struct ima_template_entry *entry = NULL;
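Review bot: `int size` in the new signature is a signed type for a buffer length, and nothing in the visible lines rejects a zero or negative value; consider `size_t`, or an early check on `size`. The added `eventname`, `func` and `pcr` parameters also need a kernel-doc comment, in particular stating what a caller should pass for `func` and `pcr` when no policy hook applies.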

+	if (func) {
+		security_task_getsecid(current, &secid);
+		action = ima_get_action(NULL, current_cred(), secid, 0, func,
+					&pcr, &template);
+		if (!(action & IMA_MEASURE))
+			return;
+	}
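Review bot: The `if (func)` guard means a zero `func` skips `ima_get_action()` entirely and execution falls through to the rest of the function with no policy decision. If that is intended for some callers, document it in a comment at the guard; otherwise drop the guard so every call is subject to policy. `pcr` is also passed as `&pcr`, so with a non-zero `func` the caller-supplied value may be replaced by policy, which the function comment should state. Because the function is `void`, the early `return` leaves callers unable to tell a policy skip from a completed measurement.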

In your change set process_buffer_measurement is called with NONE for the parameter func. So ima_get_action (the above if block) will not be executed.

Wouldn't it be better to update ima_get_action (and related functions) to handle the ima policy (func param)?

thanks,
 -lakshmi


