IMA: Define a new hook to measure the kexec boot command line arguments

Currently during soft reboot(kexec_file_load) boot command line arguments are not measured. Define hooks needed to measure kexec command line arguments during soft reboot(kexec_file_load). - A new ima hook ima_kexec_cmdline is defined to be called by the kexec code. - A new function process_buffer_measurement is defined to measure the buffer hash into the IMA measurement list. - A new func policy KEXEC_CMDLINE is defined to control the measurement. Signed-off-by: Prakhar Srivastava <prsriva02@gmail.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Prakhar Srivastava <prsriva02@gmail.com> 2019-06-23 23:23:29 -0700
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-06-24 08:29:57 -0400
commit: b0935123a18360d19f1dcc779ea33841cdc304cc (patch)
tree: f7f069f94312da4302ad6b1b793d4f6c90eb5bc0 /security/integrity/ima/ima_api.c
parent: 19453ce0bcfbdf7332a104eebf5d835977af7284 (diff)
download: linux-b0935123a18360d19f1dcc779ea33841cdc304cc.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index c0cf4bcfc82f..d426d4d1fe04 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -178,6 +178,7 @@ err_out:
  *		subj=, obj=, type=, func=, mask=, fsmagic=
  *	subj,obj, and type: are LSM specific.
  *	func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK
+ *	| KEXEC_CMDLINE
  *	mask: contains the permission mask
  *	fsmagic: hex value
  *
author	Prakhar Srivastava <prsriva02@gmail.com>	2019-06-23 23:23:29 -0700
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-06-24 08:29:57 -0400
commit	b0935123a18360d19f1dcc779ea33841cdc304cc (patch)
tree	f7f069f94312da4302ad6b1b793d4f6c90eb5bc0 /security/integrity/ima/ima_api.c
parent	19453ce0bcfbdf7332a104eebf5d835977af7284 (diff)
download	linux-b0935123a18360d19f1dcc779ea33841cdc304cc.tar.bz2