From: Mimi Z. <zo...@li...> - 2009-09-21 15:31:20
On Sun, 2009-09-20 at 21:17 +0800, zhangkai108 wrote:
> hello,
> I read part of the source code in ima.h. I can't understand it.
> #define MEM_MINOR 1
> #define KMEM_MINOR 2
>
> #ifdef CONFIG_IMA_KMEM_BYPASS_PROTECTION
> /* /dev/kmem is the character device with major MEM_MAJOR, minor KMEM_MINOR */
> static inline void check_kmem_bypass(struct inode *inode)
> {
>         if ((imajor(inode) == MEM_MAJOR)
>             && S_ISCHR(inode->i_mode) && (iminor(inode) == KMEM_MINOR))
>                 invalidate_pcr("/dev/kmem write violation");
> }
> #else
> static inline void check_kmem_bypass(struct inode *inode)
> {
>         return;
> }
> #endif
>
> Why is the "invalidate_pcr" function called once the if condition is
> satisfied? I hope you can explain it to me. Thank you.
PCR invalidation is an indication that something could modify a file
without the modification being reported in the IMA measurement list.
This code is from the original LSM-based IMA code, not the current code
in the mainline Linux kernel. Originally, as only one module could use
the LSM hooks, IMA and an LSM module that implements access control
could not co-exist. Today, ima_ hooks are directly embedded in the
mainline code. So, access control is left up to the LSM module.
Mimi
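To make the answer above concrete, here is an added example (not code from the thread, from ima.h, or from the kernel) that models what "invalidating the PCR" buys a remote verifier. It keeps a toy measurement list and a simulated TPM PCR, replays the list the way a verifier does, and shows that a write to /dev/kmem, which can patch the running kernel without any measurable file changing, leaves a list that can no longer reproduce the PCR. Assumptions: MEM_MAJOR is 1 as in <linux/major.h>; MEM_MINOR and KMEM_MINOR are the values in the quoted header; the PCR is extended with the file digest directly rather than IMA's template hash; the violation convention (zero digest in the list, 0xff bytes into the PCR) is modelled on how mainline IMA records violations; all file contents and names are constructed. Names such as ImaModel, on_write_open and scenario are this example's own.

```python
import hashlib
import os
import stat

# Device-number constants. MEM_MAJOR = 1 is from <linux/major.h>; MEM_MINOR and
# KMEM_MINOR are the values in the quoted ima.h.
MEM_MAJOR = 1
MEM_MINOR = 1
KMEM_MINOR = 2
CHR_MODE = stat.S_IFCHR | 0o600                   # st_mode of a root-only char device
MEM_RDEV = os.makedev(MEM_MAJOR, MEM_MINOR)       # /dev/mem
KMEM_RDEV = os.makedev(MEM_MAJOR, KMEM_MINOR)     # /dev/kmem

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest, which is what IMA used then


def is_kmem_write_target(mode: int, rdev: int) -> bool:
    """Same test as the quoted check_kmem_bypass(): a character device whose
    major/minor pair identifies /dev/kmem. /dev/mem (MEM_MINOR) is not checked."""
    return (stat.S_ISCHR(mode)
            and os.major(rdev) == MEM_MAJOR
            and os.minor(rdev) == KMEM_MINOR)


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


class ImaModel:
    """Toy IMA: a measurement list plus the PCR that is supposed to account for it.
    Simplification (assumption): the PCR is extended with the file digest itself
    rather than IMA's template hash."""

    def __init__(self) -> None:
        self.pcr = bytes(PCR_SIZE)        # PCRs start at all zeros
        self.measurement_list = []        # (digest recorded in the list, name)

    def measure(self, name: str, content: bytes) -> None:
        digest = hashlib.sha1(content).digest()
        self.measurement_list.append((digest, name))
        self.pcr = pcr_extend(self.pcr, digest)

    def invalidate_pcr(self, cause: str) -> None:
        """Record a violation so that replaying the list can never reproduce the
        PCR: the list entry carries an all-zero digest while the PCR is extended
        with all-0xff bytes (modelled on mainline IMA's violation handling)."""
        self.measurement_list.append((bytes(PCR_SIZE), cause))
        self.pcr = pcr_extend(self.pcr, b"\xff" * PCR_SIZE)

    def on_write_open(self, name: str, mode: int, rdev: int) -> bool:
        """Hook run when a file is opened for writing; mirrors the quoted check.
        Returns True if the PCR was invalidated."""
        if is_kmem_write_target(mode, rdev):
            self.invalidate_pcr("/dev/kmem write violation")
            return True
        return False


def replay(measurement_list) -> bytes:
    """What a remote verifier does: recompute the PCR from the list it was sent."""
    pcr = bytes(PCR_SIZE)
    for digest, _name in measurement_list:
        pcr = pcr_extend(pcr, digest)
    return pcr


def attestation_ok(model: ImaModel) -> bool:
    """Verifier's decision: does the reported list account for the quoted PCR?"""
    return replay(model.measurement_list) == model.pcr


def scenario():
    """Constructed sequence: normal measurements verify; a write to /dev/kmem is
    not a file modification IMA can measure, so the PCR is invalidated and
    verification fails from then on. Returns (ok_before, ok_after)."""
    ima = ImaModel()
    ima.measure("/bin/ls", b"constructed ls binary contents")
    ima.measure("/etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
    ok_before = attestation_ok(ima)

    # A regular file opened for writing is not a kmem bypass; nothing happens here.
    ima.on_write_open("/etc/passwd", stat.S_IFREG | 0o644, 0)
    # /dev/kmem opened for writing: kernel memory can be patched behind IMA's back.
    ima.on_write_open("/dev/kmem", CHR_MODE, KMEM_RDEV)
    ok_after = attestation_ok(ima)
    return ok_before, ok_after


if __name__ == "__main__":
    print(scenario())  # (True, False)
```

The point of extending the PCR with a value that is not what the list records is that the verifier does not need to know why the list is untrustworthy; replay simply fails, and the attestation for that boot is rejected. Note that the quoted check only covers /dev/kmem: opening /dev/mem for writing passes untouched, which is why the example checks the minor number as well as the major.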