    ima: added ima_policy_flag variable · a756024e
    Roberto Sassu authored
    This patch introduces the new variable 'ima_policy_flag', whose bits
    are set depending on the action of the current policy rules. Only the
    flags IMA_MEASURE, IMA_APPRAISE and IMA_AUDIT are set.
    
    The new variable will be used to improve performance by skipping the
    unnecessary execution of IMA code if the policy does not contain rules
    with the above actions.
    
    Changes in v6 (Roberto Sassu)
    * do not check 'ima_initialized' before calling ima_update_policy_flag()
      in ima_update_policy() (suggested by Dmitry)
    * calling ima_update_policy_flag() moved to init_ima to co-locate with
      ima_initialized (Dmitry)
    * add/revise comments (Mimi)
    
    Changes in v5 (Roberto Sassu)
    * reset IMA_APPRAISE flag in 'ima_policy_flag' if 'ima_appraise' is set
      to zero (reported by Dmitry)
    * update 'ima_policy_flag' only if IMA initialization is successful
      (suggested by Mimi and Dmitry)
    * check 'ima_policy_flag' instead of 'ima_initialized'
      (suggested by Mimi and Dmitry)
    Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
    Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
    Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
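
The flag derivation and fast-path skip the commit message describes, as a userspace model added here; it is not the kernel patch or the author's code. The bit values, `struct rule`, `DONT_MEASURE`, `file_hook()`, `set_appraise()` and the array-based signature of `ima_update_policy_flag()` are assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed bit values for this model; the kernel defines its own. */
#define IMA_MEASURE   0x01u
#define IMA_APPRAISE  0x02u
#define IMA_AUDIT     0x04u
#define DONT_MEASURE  0x10u  /* hypothetical "exclude" action, never counted */
#define DO_MASK (IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT)

struct rule { unsigned int action; };  /* hypothetical rule record */

static unsigned int ima_policy_flag;   /* 0: no rule needs IMA work */
static int ima_appraise = 1;           /* appraisal on unless set to zero */
static unsigned long hook_work_count;  /* slow-path executions so far */

void set_appraise(int on) { ima_appraise = on; }

/* Recompute the flag from the active rules: only the three "do" actions
 * contribute, and IMA_APPRAISE is reset when appraisal is switched off. */
unsigned int ima_update_policy_flag(const struct rule *rules, size_t n)
{
    unsigned int flag = 0;

    for (size_t i = 0; i < n; i++)
        flag |= rules[i].action & DO_MASK;
    if (!ima_appraise)
        flag &= ~IMA_APPRAISE;
    ima_policy_flag = flag;
    return flag;
}

/* Model of a hook entry point: returns 1 if the expensive path ran,
 * 0 if it was skipped because no rule asks for any action. */
int file_hook(void)
{
    if (!ima_policy_flag)
        return 0;
    hook_work_count++;
    return 1;
}

int main(void)
{
    struct rule policy[] = { { DONT_MEASURE }, { IMA_APPRAISE }, { IMA_AUDIT } };

    printf("flag=%#x ran=%d\n", ima_update_policy_flag(policy, 3), file_hook());
    set_appraise(0);
    printf("flag=%#x ran=%d\n", ima_update_policy_flag(policy, 3), file_hook());
    return 0;
}
```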
ima_policy.c 19.5 KB