review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
	Thu, 12 Nov 2020 20:39:59 +0000 (12:39 -0800)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Fri, 20 Nov 2020 18:52:43 +0000 (13:52 -0500)
commit	dea87d0889dd663bd32e86824a0b35cd617ae1d0
tree	e8b3a54380e0ad0a78e93c36cb0ebf5676b57f2f	tree \| snapshot
parent	b000d5cb954fe25ac1ea929ae6da321033ace927	commit \| diff

ima: select ima-buf template for buffer measurement

The default IMA template used for all policy rules is the value set
for CONFIG_IMA_DEFAULT_TEMPLATE if the policy rule does not specify
a template. The default IMA template for buffer measurements should be
'ima-buf' - so that the measured buffer is correctly included in the IMA
measurement log entry.

With the default template format, buffer measurements are added to
the measurement list, but do not include the buffer data, making it
difficult, if not impossible, to validate. Including 'ima-buf'
template records in the measurement list by default, should not impact
existing attestation servers without 'ima-buf' template support.

Initialize a global 'ima-buf' template and select that template,
by default, for buffer measurements.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

security/integrity/ima/ima.h		diff \| blob \| history
security/integrity/ima/ima_main.c		diff \| blob \| history
security/integrity/ima/ima_policy.c		diff \| blob \| history
security/integrity/ima/ima_template.c		diff \| blob \| history