[PATCH v8 4/8] IMA: add policy rule to measure critical data

Tushar Sugandhi tusharsu at linux.microsoft.com
Sat Dec 12 17:34:28 UTC 2020

>>>> +	case CRITICAL_DATA:
>>>> +		if (!rule->data_source)
>>>> +			return true;
>>>> +
>>>> +		opt_list = rule->data_source;
>>>> +		break;
>>> I guess this case should unconditionally return true in this patch and
>>> then the include this additional logic in the next patch.
>>> Sorry, I missed these on my last review.
>> No worries.
>> As I mentioned above, I kept it purposefully in this patch since
>> my impression was rule->data_source is not part of the user facing
>> policy.
>> But I can simply return true here as you suggested, and move the logic to
>> the next patch.
> I understand the thinking that it isn't harmful in this patch but I
> think it is a bit cleaner to introduce the data_source policy language
> element and all of its backend support in the same patch. Please move it
> to the next patch. Thanks!
> Tyler
Will do.
Thanks a lot Tyler for a detailed review. Appreciate it.


More information about the Linux-security-module-archive mailing list