diff options
| author |   Thiago Jung Bauermann <bauerman@linux.ibm.com> | 2019-06-27 23:19:32 -0300 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.ibm.com> | 2019-08-05 18:40:25 -0400 |
| commit | 3878d505aa718bcc7b1eb4089ab9b9fb27dee957 (patch) | |
| tree | 94bf31dc35114d22a2c87906106074cdcb4bd021 /security/integrity/ima/ima_main.c | |
| parent | ima: Collect modsig (diff) | |
| download | linux-dev-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.tar.xz linux-dev-3878d505aa718bcc7b1eb4089ab9b9fb27dee957.zip | |
ima: Define ima-modsig template
Define new "d-modsig" template field which holds the digest that is
expected to match the one contained in the modsig, and also new "modsig"
template field which holds the appended file signature.
Add a new "ima-modsig" defined template descriptor with the new fields as
well as the ones from the "ima-sig" descriptor.
Change ima_store_measurement() to accept a struct modsig * argument so that
it can be passed along to the templates via struct ima_event_data.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 7c8d92cf2755..c87645c2c4c0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -323,7 +323,7 @@ static int process_measurement(struct file *file, const struct cred *cred, if (action & IMA_MEASURE) ima_store_measurement(iint, file, pathname, - xattr_value, xattr_len, pcr, + xattr_value, xattr_len, modsig, pcr, template_desc); if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) { inode_lock(inode); |