On Mon, 2026-06-29 at 09:26 +0000, Enrico  Bravi wrote:
> > > diff --git a/security/integrity/ima/ima_fs.c
> > > b/security/integrity/ima/ima_fs.c
> > > index 65e7812c702f..a277c9135944 100644
> > > --- a/security/integrity/ima/ima_fs.c
> > > +++ b/security/integrity/ima/ima_fs.c
> > > @@ -356,6 +356,7 @@ static ssize_t ima_write_policy(struct file *file, 
> > > const
> > > char __user *buf,
> > >                               1, 0);
> > >           result = -EACCES;
> > >   } else {
> > > +         ima_measure_policy_buf(data, datalen);
> > 
> > Should failure to measure the input policy rules be audited?
> 
> process_buffer_measurement() is already auditing in case of failure before
> returning. Do you think it is necessary to audit also at this point?

No, you're correct.

> 
> > >           result = ima_parse_add_rule(data);
> > >   }
> > >   mutex_unlock(&ima_write_mutex);
> > > diff --git a/security/integrity/ima/ima_main.c
> > > b/security/integrity/ima/ima_main.c
> > > index 5cea53fc36df..599495304712 100644
> > > --- a/security/integrity/ima/ima_main.c
> > > +++ b/security/integrity/ima/ima_main.c
> > > @@ -1221,6 +1221,25 @@ int ima_measure_critical_data(const char
> > > *event_label,
> > >  }
> > >  EXPORT_SYMBOL_GPL(ima_measure_critical_data);
> > >  
> > > +/**
> > > + * ima_measure_policy_buf - Measure the policy write buffer
> > 
> > Consider renaming this function to ima_measure_policy_input(), which 
> > parallels
> > the function ima_measure_loaded_policy() in the first patch.
> 
> My intention with the previous ima_measure_policy_write() name was to 
> highlight
> the fact it is not measuring every data sent to the policy file. For example,
> writing the path of the file from which reading the new policy does not 
> trigger
> this measurement. Eventually, what do you think of ima_measure_raw_policy() or
> ima_measure_unparsed_policy()?

The policy could have comment lines, which are being measured.  Naming the
function ima_measure_raw_policy() is perfect.

> 
thanks,

Mimi

Reply via email to