[PATCH v5 08/10] IMA: Added a flag to determine whether IMA hook can process the key now or has to queue for processing later
Lakshmi Ramasubramanian
nramas at linux.microsoft.com
Mon Nov 11 19:33:01 UTC 2019
Keys should be processed only if custom IMA policies have been
applied. Prior to that the keys should be queued for processing later.
This patch defines a flag namely ima_process_keys_for_measurement
to check if the key should be processed immediately or should be queued.
ima_policy_flag cannot be relied upon because ima_policy_flag will
be set to 0 when either IMA is not initialized or the IMA policy
itself is empty.
Signed-off-by: Lakshmi Ramasubramanian <nramas at linux.microsoft.com>
---
security/integrity/ima/ima_asymmetric_keys.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
index 7d6603bfcc06..61c42d06a636 100644
--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -15,6 +15,8 @@
#include <keys/asymmetric-type.h>
#include "ima.h"
+bool ima_process_keys_for_measurement;
+
/**
* ima_post_key_create_or_update - measure asymmetric keys
* @keyring: keyring to which the key is linked to
--
2.17.1
More information about the Linux-security-module-archive
mailing list