Re: [PATCH v9 5/8] ima: make process_buffer_measurement() generic

From: Lakshmi Ramasubramanian
Date: Thu Oct 24 2019 - 11:20:20 EST

Next message: syzbot: "Re: divide error in dummy_timer"
Previous message: Ayan Halder: "Re: Question regarding "reserved-memory""
Next in thread: Nayna Jain: "Re: [PATCH v9 5/8] ima: make process_buffer_measurement() generic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/23/19 8:47 PM, Nayna Jain wrote:

Hi Nayna,

+void process_buffer_measurement(const void *buf, int size,
+ const char *eventname, enum ima_hooks func,
+ int pcr)
{
int ret = 0;
struct ima_template_entry *entry = NULL;

+ if (func) {
+ security_task_getsecid(current, &secid);
+ action = ima_get_action(NULL, current_cred(), secid, 0, func,
+ &pcr, &template);
+ if (!(action & IMA_MEASURE))
+ return;
+ }

In your change set process_buffer_measurement is called with NONE for the parameter func. So ima_get_action (the above if block) will not be executed.

Wouldn't it better to update ima_get_action (and related functions) to handle the ima policy (func param)?

thanks,
-lakshmi

Next message: syzbot: "Re: divide error in dummy_timer"
Previous message: Ayan Halder: "Re: Question regarding "reserved-memory""
Next in thread: Nayna Jain: "Re: [PATCH v9 5/8] ima: make process_buffer_measurement() generic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]