Re: [PATCH 1/2] ima: define ima_trusted_for hook
From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-10-13 14:35:21
Also in:
linux-security-module, lkml
On Wed, 2021-10-13 at 07:01 -0400, Mimi Zohar wrote:
A major interpreter integrity gap exists which allows files read by the interpreter to be executed without measuring the file or verifying the file's signature. The kernel has no knowledge about the file being read by the interpreter. Only the interpreter knows the context (e.g. data, execute) and must be trusted to provide that information accurately. To close this integrity gap, define an ima_trusted_for hook to allow IMA to measure the file and verify the file's signature based on policy.

Sample policy rules:

measure func=TRUSTED_FOR_CHECK
appraise func=TRUSTED_FOR_CHECK

To require file signatures, the policy rule should be:

appraise func=TRUSTED_FOR_CHECK appraise_type=imasig
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
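As an added illustration, not part of the patch or the thread, the following IMA policy fragment shows where the new TRUSTED_FOR_CHECK rules sit next to the existing BPRM_CHECK and FILE_MMAP rules. The existing rules cover files the kernel itself executes or maps executable; they do not fire when an interpreter merely open()s and read()s a script, which is the gap the commit message describes. The rules are assumed to be loaded on a kernel carrying this patch, and they only take effect for files an interpreter actually reports through the hook; the rule names and appraise_type value are the ones given above, everything else is standard IMA policy syntax.

```text
# Existing coverage: binaries executed via execve() and executable mmap()s.
# A script opened and read by /usr/bin/python3 matches neither rule.
measure func=BPRM_CHECK mask=MAY_EXEC
measure func=FILE_MMAP mask=MAY_EXEC
appraise func=BPRM_CHECK appraise_type=imasig

# Added with this patch: files an interpreter declares it intends to execute.
# Without appraise_type=imasig a good hash in the security.ima xattr would
# also satisfy the appraise rule; with it, a signature is required.
measure func=TRUSTED_FOR_CHECK
appraise func=TRUSTED_FOR_CHECK appraise_type=imasig
```

The policy is written to the securityfs policy interface (/sys/kernel/security/ima/policy) as usual. The caveat the commit message makes explicit still applies: the kernel can only measure or appraise what the interpreter reports, so an interpreter that never calls the hook, or that reports a script as data, leaves the gap open for that file.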