IMA: extend critical data hook to limit the measurement based on a label
author Tushar Sugandhi <tusharsu@linux.microsoft.com>
Fri, 8 Jan 2021 04:07:06 +0000 (20:07 -0800)
committer Mimi Zohar <zohar@linux.ibm.com>
Fri, 15 Jan 2021 04:41:38 +0000 (23:41 -0500)
commit 9f5d7d23cc5ec61a92076b73665fcb9aaa5bb5a0
tree 9316944e029c026b05f592657a08e7ff146caa47
parent 47d76a4840501c1cefb3fbce777a86c58b02532b
IMA: extend critical data hook to limit the measurement based on a label

The IMA hook ima_measure_critical_data() does not support a way to
specify the source of the critical data provider.  Thus, the data
measurement cannot be constrained based on the data source label
in the IMA policy.

Extend the IMA hook ima_measure_critical_data() to support passing
the data source label as an input parameter, so that the policy rule can
be used to limit the measurements based on the label.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
include/linux/ima.h
security/integrity/ima/ima_main.c