diff options
| author |   Eric Richter <erichte@linux.vnet.ibm.com> | 2016-06-01 13:14:01 -0500 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.vnet.ibm.com> | 2016-06-30 01:14:20 -0400 |
| commit | 0260643ce8047d2a58f76222d09f161149622465 (patch) | |
| tree | 2d08485e5c54c13da4111c5932dadb5ea931a280 /security/integrity/ima/ima_api.c | |
| parent | integrity: add measured_pcrs field to integrity cache (diff) | |
| download | wireguard-linux-0260643ce8047d2a58f76222d09f161149622465.tar.xz wireguard-linux-0260643ce8047d2a58f76222d09f161149622465.zip | |
ima: add policy support for extending different pcrs
This patch defines a new IMA measurement policy rule option "pcr=",
which allows extending different PCRs on a per rule basis. For example,
the system independent files could extend the default IMA Kconfig
specified PCR, while the system dependent files could extend a different
PCR.
The following is an example of this usage with an SELinux policy; the
rule would extend PCR 11 with system configuration files:
measure func=FILE_CHECK mask=MAY_READ obj_type=system_conf_t pcr=11
Changelog v3:
- FIELD_SIZEOF returns bytes, not bits. Fixed INVALID_PCR
Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_api.c')
0 files changed, 0 insertions, 0 deletions