]> git.karo-electronics.de Git - karo-tx-linux.git/blobdiff - security/integrity/ima/ima_appraise.c
projects / karo-tx-linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ima: added policy support for 'security.ima' type
[karo-tx-linux.git] / security / integrity / ima / ima_appraise.c
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index fa675c907e0fc97bff65199a2d974a6fad876a59..8004332ccb8f4b94f93188c37f57ce6fab085066 100644 (file)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -102,6 +102,11 @@ int ima_appraise_measurement(struct integrity_iint_cache *iint,
 
        switch (xattr_value->type) {
        case IMA_XATTR_DIGEST:
+               if (iint->flags & IMA_DIGSIG_REQUIRED) {
+                       cause = "IMA signature required";
+                       status = INTEGRITY_FAIL;
+                       break;
+               }
                rc = memcmp(xattr_value->digest, iint->ima_xattr.digest,
                            IMA_DIGEST_SIZE);
                if (rc) {
Linux kernel for KaRo TX COM modules