diff options
author | Tushar Sugandhi <tusharsu@linux.microsoft.com> | 2021-01-07 20:07:01 -0800 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-01-14 23:41:13 -0500 |
commit | 2b4a2474a2027eb683bc421eff286fc617ce1d82 (patch) | |
tree | c4a7645945847ab403ad23d57f8bca5bca5d8169 /security/integrity/ima/ima_main.c | |
parent | ccf11dbaa07b328fa469415c362d33459c140a37 (diff) | |
download | linux-2b4a2474a2027eb683bc421eff286fc617ce1d82.tar.bz2 |
IMA: generalize keyring specific measurement constructs
IMA functions such as ima_match_keyring(), process_buffer_measurement(),
ima_match_policy() etc. handle data specific to keyrings. Currently,
these constructs are not generic to handle any func specific data.
This makes it harder to extend them without code duplication.
Refactor the keyring specific measurement constructs to be generic and
reusable in other measurement scenarios.
Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
-rw-r--r-- | security/integrity/ima/ima_main.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f87cb29329e9..0c645699c7fb 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -816,13 +816,13 @@ int ima_post_load_data(char *buf, loff_t size, * @eventname: event name to be used for the buffer entry. * @func: IMA hook * @pcr: pcr to extend the measurement - * @keyring: keyring name to determine the action to be performed + * @func_data: func specific data, may be NULL * * Based on policy, the buffer is measured into the ima log. */ void process_buffer_measurement(struct inode *inode, const void *buf, int size, const char *eventname, enum ima_hooks func, - int pcr, const char *keyring) + int pcr, const char *func_data) { int ret = 0; const char *audit_cause = "ENOMEM"; @@ -861,7 +861,7 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, if (func) { security_task_getsecid(current, &secid); action = ima_get_action(inode, current_cred(), secid, 0, func, - &pcr, &template, keyring); + &pcr, &template, func_data); if (!(action & IMA_MEASURE)) return; } |