-rw-r--r--include/linux/ima.h7
-rw-r--r--security/integrity/ima/ima_main.c8
2 files changed, 10 insertions, 5 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 59bd90ac3c35..2ac834badbbe 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -31,7 +31,8 @@ extern void ima_post_path_mknod(struct dentry *dentry);
extern int ima_file_hash(struct file *file, char *buf, size_t buf_size);
extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size);
extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size);
-extern void ima_measure_critical_data(const char *event_name,
+extern void ima_measure_critical_data(const char *event_label,
+ const char *event_name,
const void *buf, size_t buf_len,
bool hash);
@@ -132,9 +133,11 @@ static inline int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size
static inline void ima_kexec_cmdline(int kernel_fd, const void *buf, int size) {}
-static inline void ima_measure_critical_data(const char *event_name,
+static inline void ima_measure_critical_data(const char *event_label,
+ const char *event_name,
const void *buf, size_t buf_len,
bool hash) {}
+
#endif /* CONFIG_IMA */
#ifndef CONFIG_IMA_KEXEC
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 251e7b4006f4..6a429846f90a 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -945,6 +945,7 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
/**
* ima_measure_critical_data - measure kernel integrity critical data
+ * @event_label: unique event label for grouping and limiting critical data
* @event_name: event name for the record in the IMA measurement list
* @buf: pointer to buffer data
* @buf_len: length of buffer data (in bytes)
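Review bot: The new kernel-doc line for `@event_label` does not say what consumes the label or that it is mandatory. The last hunk shows a NULL label makes the function return without measuring, and that the label is forwarded to process_buffer_measurement() in the argument slot that used to be NULL. I would spell that out, e.g. `* @event_label: label matched against policy to decide whether this data is measured; must not be NULL` (wording to be confirmed against the policy code, which is not in this diff). Because `event_label` and `event_name` are adjacent `const char *` parameters, the comment should also state which string ends up in the measurement list, since a swapped pair at a call site compiles cleanly.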
@@ -955,15 +956,16 @@ void ima_kexec_cmdline(int kernel_fd, const void *buf, int size)
* structures, policies, and states stored in kernel memory that can
* impact the integrity of the system.
*/
-void ima_measure_critical_data(const char *event_name,
+void ima_measure_critical_data(const char *event_label,
+ const char *event_name,
const void *buf, size_t buf_len,
bool hash)
{
- if (!event_name || !buf || !buf_len)
+ if (!event_name || !event_label || !buf || !buf_len)
return;
process_buffer_measurement(NULL, buf, buf_len, event_name,
- CRITICAL_DATA, 0, NULL,
+ CRITICAL_DATA, 0, event_label,
hash);
}
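Review bot: The widened guard `if (!event_name || !event_label || !buf || !buf_len) return;` silently drops the measurement when a caller passes a NULL label. Because the function returns void, neither the caller nor anyone reading the measurement list can tell that integrity-critical data went unmeasured. I would make the rejected call visible, for example with `pr_warn_once("ima: critical data measurement skipped, missing label/name/buffer\n");` before the `return`, or change the return type to `int` in a follow-up so callers can react. How process_buffer_measurement() treats the label is outside this hunk, so the policy behaviour when no rule matches should be checked there as well.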