On 10/23/19 8:47 PM, Nayna Jain wrote:
Hi Nayna,
+void process_buffer_measurement(const void *buf, int size,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ const char *eventname, enum ima_hooks func,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ int pcr)
 {
ÂÂÂÂÂ int ret = 0;
ÂÂÂÂÂ struct ima_template_entry *entry = NULL;
+ÂÂÂ if (func) {
+ÂÂÂÂÂÂÂ security_task_getsecid(current, &secid);
+ÂÂÂÂÂÂÂ action = ima_get_action(NULL, current_cred(), secid, 0, func,
+ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ &pcr, &template);
+ÂÂÂÂÂÂÂ if (!(action & IMA_MEASURE))
+ÂÂÂÂÂÂÂÂÂÂÂ return;
+ÂÂÂ }
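Review bot: In the `if (func)` block, a caller that passes a zero func skips both ima_get_action() and the IMA_MEASURE check, so the buffer is measured without any policy lookup. If that bypass is intended, say so in a comment above process_buffer_measurement(). Otherwise drop the guard so policy is always consulted. Also, pcr is passed by address to ima_get_action(), so on the policy path the callee may overwrite the caller's value, while on the bypass path it is used as given. That difference should be documented for callers. The declarations of secid, action and template are not visible in these lines; confirm they are declared, and that template has a defined value when the block is skipped.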
In your change set, process_buffer_measurement is called with NONE for the parameter func. So ima_get_action (the above if block) will not be executed.
Wouldn't it be better to update ima_get_action (and related functions) to handle the ima policy (func param)?