// SPDX-License-Identifier: GPL-2.0+
/*
 * Copyright (C) 2021 Microsoft Corporation
 *
 * Author: Lakshmi Ramasubramanian (nramas@linux.microsoft.com)
 *
 * Measure critical data structures maintained by SELinux
 * using the IMA subsystem.
 */
#include <linux/vmalloc.h>
#include <linux/ima.h>
#include "security.h"
#include "ima.h"

/*
 * selinux_ima_measure_state - Hand the current SELinux policy to IMA
 *
 * @state: selinux state struct
 *
 * Reads the policy through security_read_state_kernel() and passes the
 * resulting buffer to ima_measure_critical_data() under the event label
 * "selinux" and event name "selinux-policy-hash".
 *
 * Nothing is measured before SELinux reports itself initialized, and
 * nothing is measured when the policy cannot be read; the function
 * returns void, so callers cannot distinguish these cases from success.
 *
 * NOTE: This function must be called with policy_mutex held.
 */
void selinux_ima_measure_state(struct selinux_state *state)
{
	size_t blob_len;
	void *blob = NULL;
	int err;

	/* No policy measurement until SELinux initialization has completed. */
	if (!selinux_initialized(state))
		return;

	err = security_read_state_kernel(state, &blob, &blob_len);
	if (!err) {
		/*
		 * The trailing "true" is presumably IMA's "hash" flag, i.e.
		 * the log records a digest of the policy rather than the
		 * policy bytes - confirm against linux/ima.h in this tree.
		 */
		ima_measure_critical_data("selinux", "selinux-policy-hash",
					  blob, blob_len, true);

		/* The buffer from the read helper is owned here; release it. */
		vfree(blob);
		return;
	}

	/*
	 * NOTE(review): on this path no IMA entry is added, so the only
	 * trace of the failure is this kernel log line. Anything relying
	 * on the measurement list would presumably still see the last
	 * recorded policy hash - confirm that is acceptable.
	 */
	pr_err("SELinux: %s: failed to read policy %d.\n", __func__, err);
}