Re: [PATCH 2/2] SELinux: Measure state and hash of policy using IMA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 13, 2020 at 1:52 PM Lakshmi Ramasubramanian
<nramas@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On 8/13/20 10:42 AM, Stephen Smalley wrote:
>
> >> diff --git a/security/selinux/measure.c b/security/selinux/measure.c
> >> new file mode 100644
> >> index 000000000000..f21b7de4e2ae
> >> --- /dev/null
> >> +++ b/security/selinux/measure.c
> >> @@ -0,0 +1,204 @@
> >> +static int selinux_hash_buffer(void *buf, size_t buf_len,
> >> +                   void **buf_hash, int *buf_hash_len)
> >> +{
> >> +    struct crypto_shash *tfm;
> >> +    struct shash_desc *desc = NULL;
> >> +    void *digest = NULL;
> >> +    int desc_size;
> >> +    int digest_size;
> >> +    int ret = 0;
> >> +
> >> +    tfm = crypto_alloc_shash("sha256", 0, 0);
> >> +    if (IS_ERR(tfm))
> >> +        return PTR_ERR(tfm);
> > Can we make the algorithm selectable via kernel parameter and/or writing
> > to a new selinuxfs node?
>
> I can add a kernel parameter to select this hash algorithm.

Also can we provide a Kconfig option for the default value like IMA does?



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux