// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (C) 2021 Microsoft Corporation
 *
 * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com)
 *
 * Measure critical data structures maintainted by SELinux
 * using IMA subsystem.
 */
#include <linux/vmalloc.h>
#include <linux/ima.h>
#include "security.h"
#include "ima.h"

/*
 * selinux_ima_measure_state - Measure hash of the SELinux policy
 *
 * @state: selinux state struct
 *
 * NOTE: This function must be called with policy_mutex held.
 */
void selinux_ima_measure_state(struct selinux_state *state)
{
	void *policy = NULL;
	size_t policy_len;
	int rc = 0;

	/*
	 * Measure SELinux policy only after initialization is completed.
	 */
	if (!selinux_initialized(state))
		return;

	rc = security_read_state_kernel(state, &policy, &policy_len);
	if (rc) {
		pr_err("SELinux: %s: failed to read policy %d.\n", __func__, rc);
		return;
	}

	ima_measure_critical_data("selinux", "selinux-policy-hash",
				  policy, policy_len, true);

	vfree(policy);
}