mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-11-24 09:00:52 +07:00
e9085e0ad3
Limit measuring keys to those keys being loaded onto a given set of keyrings only and when the user id (uid) matches if uid is specified in the policy. This patch defines a new IMA policy option namely "keyrings=" that can be used to specify a set of keyrings. If this option is specified in the policy for "measure func=KEY_CHECK" then only the keys loaded onto a keyring given in the "keyrings=" option are measured. If uid is specified in the policy then the key is measured only if the current user id matches the one specified in the policy. Added a new parameter namely "keyring" (name of the keyring) to process_buffer_measurement(). The keyring name is passed to ima_get_action() to determine the required action. ima_match_rules() is updated to check keyring in the policy, if specified, for KEY_CHECK function. Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
||
|---|---|---|
| .. | ||
| evm | ||
| ima | ||
| platform_certs | ||
| digsig_asymmetric.c | ||
| digsig.c | ||
| iint.c | ||
| integrity_audit.c | ||
| integrity.h | ||
| Kconfig | ||
| Makefile | ||