On Mon, Jul 5, 2021 at 5:09 AM Roberto Sassu <roberto.sassu@xxxxxxxxxx> wrote: > > This patch adds the 'digest' and 'digest_len' parameters to > ima_measure_critical_data() and process_buffer_measurement(), so that > callers can get the digest of the passed buffer. > > These functions calculate the digest even if there is no suitable rule in > the IMA policy and, in this case, they simply return 1 before generating a > new measurement entry. > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > --- > include/linux/ima.h | 5 +-- > security/integrity/ima/ima.h | 2 +- > security/integrity/ima/ima_appraise.c | 2 +- > security/integrity/ima/ima_asymmetric_keys.c | 2 +- > security/integrity/ima/ima_init.c | 3 +- > security/integrity/ima/ima_main.c | 36 ++++++++++++++------ > security/integrity/ima/ima_queue_keys.c | 2 +- > security/selinux/ima.c | 6 ++-- > 8 files changed, 39 insertions(+), 19 deletions(-) The SELinux changes are trivial and fall into that cross-subsystem-ACK-not-really-necessary category, but why not :) For the SELinux bits: Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> -- paul moore www.paul-moore.com
