ima: add Kconfig default measurement list template (4286587d) · Commits · e / devices / android_kernel_samsung_universal8895

security/integrity/ima/Kconfig

+25 −0

Original line number	Diff line number	Diff line
		@@ -46,6 +46,31 @@ config IMA_LSM_RULES
		help
		Disabling this option will disregard LSM based policy rules.

		choice
		prompt "Default template"
		default IMA_NG_TEMPLATE
		depends on IMA
		help
		Select the default IMA measurement template.

		The original 'ima' measurement list template contains a
		hash, defined as 20 bytes, and a null terminated pathname,
		limited to 255 characters. The 'ima-ng' measurement list
		template permits both larger hash digests and longer
		pathnames.

		config IMA_TEMPLATE
		bool "ima"
		config IMA_NG_TEMPLATE
		bool "ima-ng (default)"
		endchoice

		config IMA_DEFAULT_TEMPLATE
		string
		depends on IMA
		default "ima" if IMA_TEMPLATE
		default "ima-ng" if IMA_NG_TEMPLATE

		config IMA_APPRAISE
		bool "Appraise integrity measurements"
		depends on IMA

+2 −2

Original line number	Diff line number	Diff line
		@@ -127,8 +127,8 @@ static int init_defined_templates(void)
		struct ima_template_desc *ima_template_desc_current(void)
		{
		if (!ima_template)
		ima_template = lookup_template_desc(IMA_TEMPLATE_IMA_NAME);

		ima_template =
		lookup_template_desc(CONFIG_IMA_DEFAULT_TEMPLATE);
		return ima_template;
		}