On Mon, 2026-06-29 at 09:26 +0000, Enrico Bravi wrote:
> > > diff --git a/security/integrity/ima/ima_fs.c
> > > b/security/integrity/ima/ima_fs.c
> > > index 65e7812c702f..a277c9135944 100644
> > > --- a/security/integrity/ima/ima_fs.c
> > > +++ b/security/integrity/ima/ima_fs.c
> > > @@ -356,6 +356,7 @@ static ssize_t ima_write_policy(struct file *file,
> > > const
> > > char __user *buf,
> > > 1, 0);
> > > result = -EACCES;
> > > } else {
> > > + ima_measure_policy_buf(data, datalen);
> >
> > Should failure to measure the input policy rules be audited?
>
> process_buffer_measurement() is already auditing in case of failure before
> returning. Do you think it is necessary to audit also at this point?
No, you're correct.
>
> > > result = ima_parse_add_rule(data);
> > > }
> > > mutex_unlock(&ima_write_mutex);
> > > diff --git a/security/integrity/ima/ima_main.c
> > > b/security/integrity/ima/ima_main.c
> > > index 5cea53fc36df..599495304712 100644
> > > --- a/security/integrity/ima/ima_main.c
> > > +++ b/security/integrity/ima/ima_main.c
> > > @@ -1221,6 +1221,25 @@ int ima_measure_critical_data(const char
> > > *event_label,
> > > }
> > > EXPORT_SYMBOL_GPL(ima_measure_critical_data);
> > >
> > > +/**
> > > + * ima_measure_policy_buf - Measure the policy write buffer
> >
> > Consider renaming this function to ima_measure_policy_input(), which
> > parallels
> > the function ima_measure_loaded_policy() in the first patch.
>
> My intention with the previous ima_measure_policy_write() name was to
> highlight
> the fact it is not measuring every data sent to the policy file. For example,
> writing the path of the file from which reading the new policy does not
> trigger
> this measurement. Eventually, what do you think of ima_measure_raw_policy() or
> ima_measure_unparsed_policy()?
The policy could have comment lines, which are being measured. Naming the
function ima_measure_raw_policy() is perfect.
>
thanks,
Mimi