diff options
| author | Mimi Zohar <[email protected]> | 2015-11-19 12:39:22 -0500 |
|---|---|---|
| committer | Mimi Zohar <[email protected]> | 2016-02-21 09:03:44 -0500 |
| commit | e40ba6d56b41754b37b995dbc8035b2b3a6afd8a (patch) | |
| tree | 0bbc573dde5374e434d6acd883b330f92645bfe2 /tools/perf/scripts/python/net_dropmonitor.py | |
| parent | 09596b94f7d28595602482e69ed954deab707437 (diff) | |
firmware: replace call to fw_read_file_contents() with kernel version
Replace the fw_read_file_contents with kernel_file_read_from_path().
Although none of the upstreamed LSMs define a kernel_fw_from_file hook,
IMA is called by the security function to prevent unsigned firmware from
being loaded and to measure/appraise signed firmware, based on policy.
Instead of reading the firmware twice, once for measuring/appraising the
firmware and again for reading the firmware contents into memory, the
kernel_post_read_file() security hook calculates the file hash based on
the in memory file buffer. The firmware is read once.
This patch removes the LSM kernel_fw_from_file() hook and security call.
Changelog v4+:
- revert dropped buf->size assignment - reported by Sergey Senozhatsky
v3:
- remove kernel_fw_from_file hook
- use kernel_file_read_from_path() - requested by Luis
v2:
- reordered and squashed firmware patches
- fix MAX firmware size (Kees Cook)
Signed-off-by: Mimi Zohar <[email protected]>
Acked-by: Kees Cook <[email protected]>
Acked-by: Luis R. Rodriguez <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/net_dropmonitor.py')
0 files changed, 0 insertions, 0 deletions