[PATCH v8 4/8] IMA: add policy rule to measure critical data
Tushar Sugandhi
tusharsu at linux.microsoft.com
Sat Dec 12 17:34:28 UTC 2020
>>>> + case CRITICAL_DATA:
>>>> + if (!rule->data_source)
>>>> + return true;
>>>> +
>>>> + opt_list = rule->data_source;
>>>> + break;
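Review bot: the early `return true` under `if (!rule->data_source)` in the CRITICAL_DATA case carries no comment saying what a rule without a data source is meant to cover, and that choice determines how broadly the rule applies. Suggest a one-line comment above the check stating the intended behaviour. Since the thread places the data_source policy element in the next patch, the `opt_list = rule->data_source;` assignment would be easier to review there, alongside the parsing that sets the field.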
>>>
>>> I guess this case should unconditionally return true in this patch and
>>> then include this additional logic in the next patch.
>>>
>>> Sorry, I missed these on my last review.
>>>
>> No worries.
>>
>> As I mentioned above, I kept it purposefully in this patch since
>> my impression was rule->data_source is not part of the user facing
>> policy.
>>
>> But I can simply return true here as you suggested, and move the logic to
>> the next patch.
>
> I understand the thinking that it isn't harmful in this patch but I
> think it is a bit cleaner to introduce the data_source policy language
> element and all of its backend support in the same patch. Please move it
> to the next patch. Thanks!
>
> Tyler
>
Will do.
Thanks a lot Tyler for a detailed review. Appreciate it.
~Tushar