ima: define a new hook to measure and appraise a file already in memory
author Mimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 14 Jan 2016 22:57:47 +0000 (17:57 -0500)
committer Mimi Zohar <zohar@linux.vnet.ibm.com>
Sun, 21 Feb 2016 03:35:08 +0000 (22:35 -0500)
commit cf2222178645e545e96717b2825601321ce4745c
tree c13092b85aaf3207e2626c7da1102da0b5dfab36
parent 98304bcf71845e97c0b5c800ae619311156b66c1
ima: define a new hook to measure and appraise a file already in memory

This patch defines a new IMA hook ima_post_read_file() for measuring
and appraising files read by the kernel. The caller loads the file into
memory before calling this function, which calculates the hash followed by
the normal IMA policy based processing.

Changelog v5:
- fail ima_post_read_file() if either file or buf is NULL
v3:
- rename ima_hash_and_process_file() to ima_post_read_file()

v1:
- split patch

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
include/linux/ima.h
include/linux/security.h
security/integrity/ima/ima.h
security/integrity/ima/ima_api.c
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_policy.c
security/integrity/integrity.h
security/security.c