On Thu, Aug 13, 2020 at 1:52 PM Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx> wrote: > > On 8/13/20 10:42 AM, Stephen Smalley wrote: > > >> diff --git a/security/selinux/measure.c b/security/selinux/measure.c > >> new file mode 100644 > >> index 000000000000..f21b7de4e2ae > >> --- /dev/null > >> +++ b/security/selinux/measure.c > >> @@ -0,0 +1,204 @@ > >> +static int selinux_hash_buffer(void *buf, size_t buf_len, > >> + void **buf_hash, int *buf_hash_len) > >> +{ > >> + struct crypto_shash *tfm; > >> + struct shash_desc *desc = NULL; > >> + void *digest = NULL; > >> + int desc_size; > >> + int digest_size; > >> + int ret = 0; > >> + > >> + tfm = crypto_alloc_shash("sha256", 0, 0); > >> + if (IS_ERR(tfm)) > >> + return PTR_ERR(tfm); > > Can we make the algorithm selectable via kernel parameter and/or writing > > to a new selinuxfs node? > > I can add a kernel parameter to select this hash algorithm. Also can we provide a Kconfig option for the default value like IMA does?
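Review bot: in selinux_hash_buffer(), the call crypto_alloc_shash("sha256", 0, 0) fixes the digest algorithm with a string literal, and nothing in the visible signature tells the caller which algorithm produced *buf_hash. If the algorithm becomes selectable as discussed in this thread, read the name from one variable (with its default set at build time) instead of the literal, and consider returning or recording the algorithm name together with the digest so the measurement can be interpreted by a verifier. Two smaller points on the signature: if buf is only read for hashing it can be declared const void *, and buf_hash_len and digest_size are signed int while buf_len is size_t; unsigned int would match the type crypto_shash_digestsize() returns.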