Re: [PATCH 3/3] IMA: add support to measure duplicate buffer for critical data hook

2021-02-09 Thread Tushar Sugandhi
On 2021-02-08 12:24 p.m., Mimi Zohar wrote: Hi Tushar, On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index c096ef8945c7..fbf359495fa8 100644 --- a/security/integrity/ima/ima_queue.c +++

Re: [PATCH 3/3] IMA: add support to measure duplicate buffer for critical data hook

2021-02-08 Thread Mimi Zohar
Hi Tushar, On Fri, 2021-01-29 at 16:45 -0800, Tushar Sugandhi wrote: > diff --git a/security/integrity/ima/ima_queue.c > b/security/integrity/ima/ima_queue.c > > index c096ef8945c7..fbf359495fa8 100644 > --- a/security/integrity/ima/ima_queue.c > +++ b/security/integrity/ima/ima_queue.c > @@

[PATCH 3/3] IMA: add support to measure duplicate buffer for critical data hook

2021-01-29 Thread Tushar Sugandhi
process_buffer_measurement() and the underlying functions do not use the policy condition to measure duplicate buffer entries for integrity critical data. Update process_buffer_measurement(), ima_add_template_entry(), and ima_store_template() to use the policy condition to decide if a duplicate