| Lakshmi Ramasubramanian | fdd1ffe | 2021-01-14 11:15:22 -0800 | [diff] [blame^] | 1 | // SPDX-License-Identifier: GPL-2.0+ |
| 2 | /* |
| 3 | * Copyright (C) 2021 Microsoft Corporation |
| 4 | * |
| 5 | * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com) |
| 6 | * |
| 7 | * Measure critical data structures maintainted by SELinux |
| 8 | * using IMA subsystem. |
| 9 | */ |
| 10 | #include <linux/vmalloc.h> |
| 11 | #include <linux/ima.h> |
| 12 | #include "security.h" |
| 13 | #include "ima.h" |
| 14 | |
| 15 | /* |
| 16 | * selinux_ima_measure_state - Measure hash of the SELinux policy |
| 17 | * |
| 18 | * @state: selinux state struct |
| 19 | * |
| 20 | * NOTE: This function must be called with policy_mutex held. |
| 21 | */ |
| 22 | void selinux_ima_measure_state(struct selinux_state *state) |
| 23 | { |
| 24 | void *policy = NULL; |
| 25 | size_t policy_len; |
| 26 | int rc = 0; |
| 27 | |
| 28 | /* |
| 29 | * Measure SELinux policy only after initialization is completed. |
| 30 | */ |
| 31 | if (!selinux_initialized(state)) |
| 32 | return; |
| 33 | |
| 34 | rc = security_read_state_kernel(state, &policy, &policy_len); |
| 35 | if (rc) { |
| 36 | pr_err("SELinux: %s: failed to read policy %d.\n", __func__, rc); |
| 37 | return; |
| 38 | } |
| 39 | |
| 40 | ima_measure_critical_data("selinux", "selinux-policy-hash", |
| 41 | policy, policy_len, true); |
| 42 | |
| 43 | vfree(policy); |
| 44 | } |