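--- a/ima.c
+++ b/ima.c
@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: GPL-2.0+
 /*
  * Copyright (C) 2021 Microsoft Corporation
  *
  * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com)
  *
  * Measure critical data structures maintainted by SELinux
  * using IMA subsystem.
@@ -81,43 +81,45 @@
 
  state_str = selinux_ima_collect_state(state);
  if (!state_str) {
  pr_err("SELinux: %s: failed to read state.\n", __func__);
  return;
  }
 
  ima_measure_critical_data("selinux", "selinux-state",
- state_str, strlen(state_str), false);
+ state_str, strlen(state_str), false,
+ NULL, 0);
 
  kfree(state_str);
 
  /*
  * Measure SELinux policy only after initialization is completed.
  */
  if (!selinux_initialized(state))
  return;
 
  rc = security_read_state_kernel(state, &policy, &policy_len);
  if (rc) {
  pr_err("SELinux: %s: failed to read policy %d.\n", __func__, rc);
  return;
  }
 
  ima_measure_critical_data("selinux", "selinux-policy-hash",
- policy, policy_len, true);
+ policy, policy_len, true,
+ NULL, 0);
 
  vfree(policy);
 }
 
 /*
  * selinux_ima_measure_state - Measure SELinux state and hash of policy
  *
  * @state: selinux state struct
  */
 void selinux_ima_measure_state(struct selinux_state *state)
 {
  WARN_ON(mutex_is_locked(&state->policy_mutex));
 
  mutex_lock(&state->policy_mutex);
  selinux_ima_measure_state_locked(state);
  mutex_unlock(&state->policy_mutex);
 }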
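Review bot: The `NULL, 0` pair appended to both `ima_measure_critical_data()` calls is a bare positional literal after an equally bare `false`/`true`, so the call sites do not say what is being declined. The prototype is not shown on this page, but these are presumably an optional digest output buffer and its length, in which case a one-line comment above each call such as `/* digest of the measured buffer is not needed here */` would make that intent reviewable. Separately, neither call's outcome is checked, so a failed measurement of "selinux-state" or "selinux-policy-hash" leaves nothing in the kernel log, unlike the two `pr_err()` paths just above them. If the function reports a status, logging it in the same `pr_err("SELinux: %s: ...")` style would make a missing attestation entry diagnosable. The enclosing function (presumably `selinux_ima_measure_state_locked`) begins in the hidden lines, so its declarations and any earlier checks are not visible here.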