xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: add support for measuring and appraising firmware

Browse Source 
The "security: introduce kernel_fw_from_file hook" patch defined a
new security hook to evaluate any loaded firmware that wasn't built
into the kernel.

This patch defines ima_fw_from_file(), which is called from the new
security hook, to measure and/or appraise the loaded firmware's
integrity.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
Mimi Zohar
2014-07-22 10:39:48 -04:00
committed by Kees Cook
parent 6593d9245b
commit 5a9196d715
8 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
security/integrity/ima/ima_main.c
View File

@@ -319,6 +319,17 @@ int ima_module_check(struct file *file)
return process_measurement(file, NULL, MAY_EXEC, MODULE_CHECK);
}
int ima_fw_from_file(struct file *file, char *buf, size_t size)
{
if (!file) {
if ((ima_appraise & IMA_APPRAISE_FIRMWARE) &&
(ima_appraise & IMA_APPRAISE_ENFORCE))
return -EACCES; /* INTEGRITY_UNKNOWN */
return 0;
}
return process_measurement(file, NULL, MAY_EXEC, FIRMWARE_CHECK);
}
static int __init init_ima(void)
{
int error;