[v5,08/10] IMA: Added a flag to determine whether IMA hook can process the key now or has to queue for processing later
diff mbox series

Message ID 20191111193303.12781-9-nramas@linux.microsoft.com
State New
Headers show
  • KEYS: Measure keys when they are created or updated
Related show

Commit Message

Lakshmi Ramasubramanian Nov. 11, 2019, 7:33 p.m. UTC
Keys should be processed only if custom IMA policies have been
applied. Prior to that the keys should be queued for processing later.

This patch defines a flag namely ima_process_keys_for_measurement
to check if the key should be processed immediately or should be queued.

ima_policy_flag cannot be relied upon because ima_policy_flag will
be set to 0 when either IMA is not initialized or the IMA policy
itself is empty.

Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
 security/integrity/ima/ima_asymmetric_keys.c | 2 ++
 1 file changed, 2 insertions(+)

diff mbox series

diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
index 7d6603bfcc06..61c42d06a636 100644
--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -15,6 +15,8 @@ 
 #include <keys/asymmetric-type.h>
 #include "ima.h"
+bool ima_process_keys_for_measurement;
  * ima_post_key_create_or_update - measure asymmetric keys
  * @keyring: keyring to which the key is linked to