[PATCH v9 5/8] ima: make process_buffer_measurement() generic
Lakshmi Ramasubramanian
nramas at linux.microsoft.com
Fri Oct 25 02:20:17 AEDT 2019
On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
> +void process_buffer_measurement(const void *buf, int size,
> + const char *eventname, enum ima_hooks func,
> + int pcr)
> {
> int ret = 0;
> struct ima_template_entry *entry = NULL;
> + if (func) {
> + security_task_getsecid(current, &secid);
> + action = ima_get_action(NULL, current_cred(), secid, 0, func,
> + &pcr, &template);
> + if (!(action & IMA_MEASURE))
> + return;
> + }
In your change set process_buffer_measurement is called with NONE for
the parameter func. So ima_get_action (the above if block) will not be
executed.
Wouldn't it better to update ima_get_action (and related functions) to
handle the ima policy (func param)?
thanks,
-lakshmi
More information about the Linuxppc-dev
mailing list