Date:	Tue, 19 Nov 2013 13:33:44 +0100
From:	Roberto Sassu <roberto.sassu@...ito.it>
To:	linux-security-module@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org,
	linux-ima-devel@...ts.sourceforge.net, zohar@...ibm.com,
	d.kasatkin@...sung.com, james.l.morris@...cle.com,
	Roberto Sassu <roberto.sassu@...ito.it>
Subject: [PATCH-v2 5/6] ima: pass template descriptor to ima_alloc_init_template()

This patch adds the template descriptor as a new argument to the function
ima_alloc_init_template() so that callers can specify the format of the
new measurement entry being generated.

Signed-off-by: Roberto Sassu <roberto.sassu@...ito.it>
---
 security/integrity/ima/ima.h      |  6 ++++--
 security/integrity/ima/ima_api.c  | 15 ++++++++++-----
 security/integrity/ima/ima_init.c |  3 ++-
 security/integrity/ima/ima_main.c |  2 +-
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 632d92e..fc2fbf3 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -142,13 +142,15 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
 void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
 			   const unsigned char *filename,
 			   struct evm_ima_xattr_data *xattr_value,
-			   int xattr_len);
+			   int xattr_len, struct ima_template_desc *desc);
 void ima_audit_measurement(struct integrity_iint_cache *iint,
 			   const unsigned char *filename);
 int ima_alloc_init_template(struct integrity_iint_cache *iint,
 			    struct file *file, const unsigned char *filename,
 			    struct evm_ima_xattr_data *xattr_value,
-			    int xattr_len, struct ima_template_entry **entry);
+			    int xattr_len,
+			    struct ima_template_desc *template_desc,
+			    struct ima_template_entry **entry);
 int ima_store_template(struct ima_template_entry *entry, int violation,
 		       struct inode *inode, const unsigned char *filename);
 const char *ima_d_path(struct path *path, char **pathbuf);
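Review bot: The two prototypes name the same new parameter differently, `desc` in ima_store_measurement() and `template_desc` in ima_alloc_init_template(); one name in both would make the header and the call sites easier to follow. The header also gives no hint that a NULL descriptor is rejected, which the ima_api.c change in this patch introduces. A one-line comment above the prototype would record that contract, for example `/* template_desc must be non-NULL; returns -EINVAL otherwise */`.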
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 8037484..444ec53 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -27,11 +27,15 @@
 int ima_alloc_init_template(struct integrity_iint_cache *iint,
 			    struct file *file, const unsigned char *filename,
 			    struct evm_ima_xattr_data *xattr_value,
-			    int xattr_len, struct ima_template_entry **entry)
+			    int xattr_len,
+			    struct ima_template_desc *template_desc,
+			    struct ima_template_entry **entry)
 {
-	struct ima_template_desc *template_desc = ima_template_desc_current();
 	int i, result = 0;
 
+	if (template_desc == NULL)
+		return -EINVAL;
+
 	*entry = kzalloc(sizeof(**entry) + template_desc->num_fields *
 			 sizeof(struct ima_field_data), GFP_NOFS);
 	if (!*entry)
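Review bot: The new early return at `if (template_desc == NULL)` leaves `*entry` unwritten, whereas on the allocation-failure path below the kzalloc() assignment has already stored NULL through it. ima_add_violation() in this same file declares `struct ima_template_entry *entry;` without an initializer, so after -EINVAL the caller holds an indeterminate pointer; whether any error path reads it is not visible here. Setting `*entry = NULL;` ahead of the check would leave the out-parameter in the same state on both failure paths. The function body continues past the end of the hunk.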
@@ -120,6 +124,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 {
 	struct ima_template_entry *entry;
 	struct inode *inode = file->f_dentry->d_inode;
+	struct ima_template_desc *desc = ima_template_desc_current();
 	int violation = 1;
 	int result;
 
@@ -127,7 +132,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 	atomic_long_inc(&ima_htable.violations);
 
 	result = ima_alloc_init_template(NULL, file, filename,
-					 NULL, 0, &entry);
+					 NULL, 0, desc, &entry);
 	if (result < 0) {
 		result = -ENOMEM;
 		goto err_out;
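Review bot: Any negative return from ima_alloc_init_template() is rewritten at `result = -ENOMEM;`, so the -EINVAL this patch adds for a NULL descriptor can never reach err_out. The same mismatch shows in the ima_store_measurement() hunk further down, where `audit_cause` stays "ENOMEM" while `result` may now be -EINVAL, so the integrity audit record would name the wrong cause. Dropping the overwrite here and choosing the cause string from `result` there would keep the audit trail accurate. What err_out does with `result` lies outside the hunk.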
@@ -245,7 +250,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
 void ima_store_measurement(struct integrity_iint_cache *iint,
 			   struct file *file, const unsigned char *filename,
 			   struct evm_ima_xattr_data *xattr_value,
-			   int xattr_len)
+			   int xattr_len, struct ima_template_desc *desc)
 {
 	const char *op = "add_template_measure";
 	const char *audit_cause = "ENOMEM";
@@ -258,7 +263,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
 		return;
 
 	result = ima_alloc_init_template(iint, file, filename,
-					 xattr_value, xattr_len, &entry);
+					 xattr_value, xattr_len, desc, &entry);
 	if (result < 0) {
 		integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
 				    op, audit_cause, result, 0);
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 15f34bd..3a4df15 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -44,6 +44,7 @@ static void __init ima_add_boot_aggregate(void)
 {
 	struct ima_template_entry *entry;
 	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
+	struct ima_template_desc *desc = ima_template_desc_current();
 	const char *op = "add_boot_aggregate";
 	const char *audit_cause = "ENOMEM";
 	int result = -ENOMEM;
@@ -69,7 +70,7 @@ static void __init ima_add_boot_aggregate(void)
 	}
 
 	result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
-					 NULL, 0, &entry);
+					 NULL, 0, desc, &entry);
 	if (result < 0)
 		return;
 
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 149ee11..e08ce72 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -226,7 +226,7 @@ static int process_measurement(struct file *file, const char *filename,
 
 	if (action & IMA_MEASURE)
 		ima_store_measurement(iint, file, pathname,
-				      xattr_value, xattr_len);
+				      xattr_value, xattr_len, template_desc);
 	if (action & IMA_APPRAISE_SUBMASK)
 		rc = ima_appraise_measurement(_func, iint, file, pathname,
 					      xattr_value, xattr_len);
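Review bot: `template_desc` is passed at the `ima_store_measurement(...)` call but is neither declared nor assigned within this hunk, so it has to come from elsewhere in process_measurement(), presumably from an earlier patch of the series. With the NULL check added to ima_alloc_init_template() in this patch, a NULL value here means the failure is audited but no measurement entry is added for the file. It is worth confirming that the variable is always set when `action & IMA_MEASURE` is true, or falling back with `if (!template_desc) template_desc = ima_template_desc_current();` before the call.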
-- 
1.8.1.4


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (2061 bytes)
