Re: [PATCH v9 4/8] IMA: add policy rule to measure critical data

From: Mimi Zohar
Date: Thu Dec 24 2020 - 08:50:53 EST


Hi Tushar,

Please update the Subject line as, "Add policy rule support for
measuring critical data".

On Sat, 2020-12-12 at 10:02 -0800, Tushar Sugandhi wrote:
> A new IMA policy rule is needed for the IMA hook
> ima_measure_critical_data() and the corresponding func CRITICAL_DATA for
> measuring the input buffer. The policy rule should ensure the buffer
> would get measured only when the policy rule allows the action. The
> policy rule should also support the necessary constraints (flags etc.)
> for integrity critical buffer data measurements.
>
> Add a policy rule to define the constraints for restricting integrity
> critical data measurements.
>
> Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>

This patch does not restrict measuring critical data, but adds policy
rule support for measuring critical data. Please update the patch
description accordingly.

Other than that,

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>