IMA: Add KEY_CHECK func to measure keys

Measure keys loaded onto any keyring. This patch defines a new IMA policy func namely KEY_CHECK to measure keys. Updated ima_match_rules() to check for KEY_CHECK and ima_parse_rule() to handle KEY_CHECK. Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> 2019-12-11 08:47:03 -0800
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-12-12 08:53:50 -0500
commit: 5808611cccb28044940d04ebd303dc90f33b77b1 (patch)
tree: 078c06ef373bfe2e252910c59060fd54e2e2e4c4 /security/integrity/ima/ima.h
parent: c5563bad88e07017e08cce1142903e501598c80c (diff)
download: lwn-5808611cccb28044940d04ebd303dc90f33b77b1.tar.gz
lwn-5808611cccb28044940d04ebd303dc90f33b77b1.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index df4ca482fb53..fe6c698617bd 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -193,6 +193,7 @@ static inline unsigned long ima_hash_key(u8 *digest)
 	hook(KEXEC_INITRAMFS_CHECK)	\
 	hook(POLICY_CHECK)		\
 	hook(KEXEC_CMDLINE)		\
+	hook(KEY_CHECK)			\
 	hook(MAX_CHECK)
 #define __ima_hook_enumify(ENUM)	ENUM,
author	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>	2019-12-11 08:47:03 -0800
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-12-12 08:53:50 -0500
commit	5808611cccb28044940d04ebd303dc90f33b77b1 (patch)
tree	078c06ef373bfe2e252910c59060fd54e2e2e4c4 /security/integrity/ima/ima.h
parent	c5563bad88e07017e08cce1142903e501598c80c (diff)
download	lwn-5808611cccb28044940d04ebd303dc90f33b77b1.tar.gz lwn-5808611cccb28044940d04ebd303dc90f33b77b1.zip