leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ima: change integrity cache to store measured pcr

Browse Source 
IMA avoids re-measuring files by storing the current state as a flag in
the integrity cache. It will then skip adding a new measurement log entry
if the cache reports the file as already measured.

If a policy measures an already measured file to a new PCR, the measurement
will not be added to the list. This patch implements a new bitfield for
specifying which PCR the file was measured into, rather than if it was
measured.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Eric Richter
2016-06-01 13:14:06 -05:00
committed by Mimi Zohar
parent 67696f6d79
commit a422638d49
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
security/integrity/ima/ima_appraise.c
View File

@@ -370,6 +370,7 @@ static void ima_reset_appraise_flags(struct inode *inode, int digsig)
return;
iint->flags &= ~IMA_DONE_MASK;
iint->measured_pcrs = 0;
if (digsig)
iint->flags |= IMA_DIGSIG;
return;