git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
ima: change integrity cache to store measured pcr
author: Eric Richter <erichte@linux.vnet.ibm.com>, Wed, 1 Jun 2016 18:14:06 +0000 (13:14 -0500)
committer: Mimi Zohar <zohar@linux.vnet.ibm.com>, Thu, 30 Jun 2016 05:14:22 +0000 (01:14 -0400)
commit: a422638d492a35316e3fd9bb31bfc9769b249bca
tree: ee3c83ca967003972763fb18de707bd7cc5bb58f
parent: 67696f6d79923cdc0084b73b4bbe52e6749a43a4
ima: change integrity cache to store measured pcr

IMA avoids re-measuring files by storing the current state as a flag in
the integrity cache. It will then skip adding a new measurement log entry
if the cache reports the file as already measured.

If a policy measures an already measured file to a new PCR, the measurement
will not be added to the list. This patch implements a new bitfield for
specifying which PCR the file was measured into, rather than if it was
measured.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/ima/ima_api.c
security/integrity/ima/ima_appraise.c
security/integrity/ima/ima_main.c
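
The caching behaviour the commit message describes, as an added user-space model that is not code from this commit or from the kernel: a single "measured" flag suppresses the log entry for a second PCR, while a per-PCR bitfield suppresses only a repeat into the same PCR. All struct, function and macro names are hypothetical, and the 24-PCR bound is an assumption.

```c
/* Added illustration: user-space model, not kernel code. All names are hypothetical. */
#include <stdio.h>

#define MODEL_MEASURED 0x1u   /* old scheme: one "already measured" bit */
#define MODEL_NUM_PCRS 24u    /* assumption: 24 PCRs, as on a PC-client TPM */

struct model_cache {              /* stands in for one file's cache entry */
    unsigned int  flags;          /* old: set once the file is measured anywhere */
    unsigned long measured_pcrs;  /* new: bit n set => measured into PCR n */
};

/* Returns 1 if a log entry is added, 0 if skipped as already cached. */
static int store_flag(struct model_cache *c, unsigned int pcr)
{
    (void)pcr;                    /* the target PCR never enters the decision */
    if (c->flags & MODEL_MEASURED)
        return 0;
    c->flags |= MODEL_MEASURED;
    return 1;
}

/* Returns 1 if added, 0 if cached for this PCR, -1 if the PCR is invalid. */
static int store_bitfield(struct model_cache *c, unsigned int pcr)
{
    if (pcr >= MODEL_NUM_PCRS)
        return -1;                /* reject rather than shift out of range */
    if (c->measured_pcrs & (1UL << pcr))
        return 0;
    c->measured_pcrs |= 1UL << pcr;
    return 1;
}

/* Replay one file being matched by rules targeting pcrs[0..n-1]. */
static int count_entries(int (*store)(struct model_cache *, unsigned int),
                         const unsigned int *pcrs, int n)
{
    struct model_cache c = {0, 0};
    int added = 0;
    for (int i = 0; i < n; i++)
        if (store(&c, pcrs[i]) == 1)
            added++;
    return added;
}

int main(void)
{
    const unsigned int seq[] = {10, 11, 10};   /* constructed sample */
    printf("flag cache:     %d entries\n", count_entries(store_flag, seq, 3));
    printf("bitfield cache: %d entries\n", count_entries(store_bitfield, seq, 3));
    return 0;
}
```

With the constructed sequence, the flag model logs one entry and leaves PCR 11 without a record of the file, which is the gap a verifier replaying the log against that PCR would see.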