[PATCH v9 4/8] IMA: add policy rule to measure critical data

Mimi Zohar zohar at linux.ibm.com
Thu Dec 24 13:48:35 UTC 2020


Hi Tushar,

Please update the Subject line as, "Add policy rule support for
measuring critical data".

On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
> A new IMA policy rule is needed for the IMA hook
> ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
> measuring the input buffer. The policy rule should ensure the buffer
> would get measured only when the policy rule allows the action. The
> policy rule should also support the necessary constraints (flags etc.)
> for integrity critical buffer data measurements.
> 
> Add a policy rule to define the constraints for restricting integrity
> critical data measurements.
> 
> Signed-off-by: Tushar Sugandhi <tusharsu at linux.microsoft.com>

This patch does not restrict measuring critical data, but adds policy
rule support for measuring critical data.  Please update the patch
description accordingly.

Other than that,

Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>


