Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-29 15:41:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
47d76a4840
linux/security/integrity/ima
History
Tushar Sugandhi 47d76a4840 IMA: limit critical data measurement based on a label 
Integrity critical data may belong to a single subsystem or it may
arise from cross subsystem interaction.  Currently there is no mechanism
to group or limit the data based on certain label.  Limiting and
grouping critical data based on a label would make it flexible and
configurable to measure.

Define "label:=", a new IMA policy condition, for the IMA func
CRITICAL_DATA to allow grouping and limiting measurement of integrity
critical data.

Limit the measurement to the labels that are specified in the IMA
policy - CRITICAL_DATA+"label:=".  If "label:=" is not provided with
the func CRITICAL_DATA, measure all the input integrity critical data.

Signed-off-by: Tushar Sugandhi <tusharsu@linux.microsoft.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-01-14 23:41:34 -05:00
..
ima_api.c IMA: define a hook to measure kernel integrity critical data 2021-01-14 23:41:26 -05:00
ima_appraise.c IMA: add support to measure buffer data hash 2021-01-14 23:41:23 -05:00
ima_asymmetric_keys.c IMA: add support to measure buffer data hash 2021-01-14 23:41:23 -05:00
ima_crypto.c ima: Don't modify file descriptor mode on the fly 2020-11-29 07:02:53 -05:00
ima_efi.c ima: generalize x86/EFI arch glue for other EFI architectures 2020-11-06 07:40:42 +01:00
ima_fs.c fs/kernel_file_read: Add "offset" arg for partial reads 2020-10-05 13:37:04 +02:00
ima_init.c ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() 2020-06-03 17:20:43 -04:00
ima_kexec.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
ima_main.c IMA: define a hook to measure kernel integrity critical data 2021-01-14 23:41:26 -05:00
ima_modsig.c ima: Move comprehensive rule validation checks out of the token parser 2020-07-20 13:28:15 -04:00
ima_mok.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
ima_policy.c IMA: limit critical data measurement based on a label 2021-01-14 23:41:34 -05:00
ima_queue_keys.c IMA: add support to measure buffer data hash 2021-01-14 23:41:23 -05:00
ima_queue.c ima: Remove semicolon at the end of ima_get_binary_runtime_size() 2020-09-15 13:47:41 -04:00
ima_template_lib.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ima_template_lib.h Replace HTTP links with HTTPS ones: security 2020-08-06 12:00:05 -07:00
ima_template.c ima: select ima-buf template for buffer measurement 2020-11-20 13:52:43 -05:00
ima.h IMA: define a hook to measure kernel integrity critical data 2021-01-14 23:41:26 -05:00
Kconfig Minor fixes for v5.9. 2020-08-11 14:30:36 -07:00
Makefile ima: generalize x86/EFI arch glue for other EFI architectures 2020-11-06 07:40:42 +01:00