Re: [PATCH v9 4/8] IMA: add policy rule to measure critical data

From: Tushar Sugandhi
Date: Sat Dec 12 2020 - 20:23:02 EST

On 2020-12-12 11:20 a.m., Tyler Hicks wrote:
> On 2020-12-12 10:02:47, Tushar Sugandhi wrote:
>> A new IMA policy rule is needed for the IMA hook
>> ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
>> measuring the input buffer. The policy rule should ensure the buffer
>> would get measured only when the policy rule allows the action. The
>> policy rule should also support the necessary constraints (flags etc.)
>> for integrity critical buffer data measurements.
>>
>> Add a policy rule to define the constraints for restricting integrity
>> critical data measurements.
>>
>> Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
>
> This looks nice. Thanks for the changes!
>
> Reviewed-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxxx>
>
> Tyler

Thanks for the detailed review on this series, Tyler.
We really appreciate it.

~Tushar