git.baikalelectronics.ru Git - kernel.git/commit

author	Thiago Jung Bauermann <bauerman@linux.ibm.com>
	Fri, 28 Jun 2019 02:19:32 +0000 (23:19 -0300)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Mon, 5 Aug 2019 22:40:25 +0000 (18:40 -0400)
commit	b4d28cdc8f807368e579d0880c1b92902915c08a
tree	94bf31dc35114d22a2c87906106074cdcb4bd021	tree \| snapshot
parent	073b7c0a96b98bcb72eb31ff9ceb64541f5c6da3	commit \| diff

ima: Define ima-modsig template

Define new "d-modsig" template field which holds the digest that is
expected to match the one contained in the modsig, and also new "modsig"
template field which holds the appended file signature.

Add a new "ima-modsig" defined template descriptor with the new fields as
well as the ones from the "ima-sig" descriptor.

Change ima_store_measurement() to accept a struct modsig * argument so that
it can be passed along to the templates via struct ima_event_data.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Documentation/security/IMA-templates.rst		diff \| blob \| history
security/integrity/ima/ima.h		diff \| blob \| history
security/integrity/ima/ima_api.c		diff \| blob \| history
security/integrity/ima/ima_main.c		diff \| blob \| history
security/integrity/ima/ima_modsig.c		diff \| blob \| history
security/integrity/ima/ima_policy.c		diff \| blob \| history
security/integrity/ima/ima_template.c		diff \| blob \| history
security/integrity/ima/ima_template_lib.c		diff \| blob \| history
security/integrity/ima/ima_template_lib.h		diff \| blob \| history