lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1461006589.2423.3.camel@linux.vnet.ibm.com>
Date:	Mon, 18 Apr 2016 15:09:49 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Kees Cook <keescook@...omium.org>
Cc:	Al Viro <viro@...IV.linux.org.uk>,
	linux-security-module <linux-security-module@...r.kernel.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: [PATCH v2] fs: define a string representation of the
 kernel_read_file_id enumeration

A string representation of the kernel_read_file_id enumeration is
needed for displaying messages (eg. pr_info, auditing) that can be
used by multiple LSMs and the integrity subsystem.  To simplify
keeping the list of strings up to date with the enumeration, this
patch defines two new preprocessing macros named __fid_enumify and
__fid_stringify to create the enumeration and an array of strings.
kernel_read_file_id_str() returns a string based on the enumeration.

Changelog:
- redefined the macros and simplified their usage - James Bottomley

Signed-off-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>
---
 fs/exec.c          | 19 -------------------
 include/linux/fs.h | 32 +++++++++++++++++++++++++-------
 2 files changed, 25 insertions(+), 26 deletions(-)

diff --git a/fs/exec.c b/fs/exec.c
index 05e71b6..c4010b8 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -819,25 +819,6 @@ struct file *open_exec(const char *name)
 }
 EXPORT_SYMBOL(open_exec);
 
-const char *kernel_read_file_id_str(enum kernel_read_file_id id)
-{
-	switch (id) {
-	case READING_FIRMWARE:
-		return "firmware";
-	case READING_MODULE:
-		return "kernel-module";
-	case READING_KEXEC_IMAGE:
-		return "kexec-image";
-	case READING_KEXEC_INITRAMFS:
-		return "kexec-initramfs";
-	case READING_POLICY:
-		return "security-policy";
-	default:
-		return "unknown";
-	}
-}
-EXPORT_SYMBOL(kernel_read_file_id_str);
-
 int kernel_read(struct file *file, loff_t offset,
 		char *addr, unsigned long count)
 {
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 23ea886..497c17f 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2580,16 +2580,34 @@ static inline void i_readcount_inc(struct inode *inode)
 #endif
 extern int do_pipe_flags(int *, int);
 
+#define __kernel_read_file_id(id) \
+	id(UNKNOWN, unknown)		\
+	id(FIRMWARE, firmware)		\
+	id(MODULE, kernel-module)		\
+	id(KEXEC_IMAGE, kexec-image)		\
+	id(KEXEC_INITRAMFS, kexec-initramfs)	\
+	id(POLICY, security-policy)		\
+	id(MAX_ID, )
+
+#define __fid_enumify(ENUM, dummy) READING_ ## ENUM,
+#define __fid_stringify(dummy, str) #str,
+
 enum kernel_read_file_id {
-	READING_FIRMWARE = 1,
-	READING_MODULE,
-	READING_KEXEC_IMAGE,
-	READING_KEXEC_INITRAMFS,
-	READING_POLICY,
-	READING_MAX_ID
+	__kernel_read_file_id(__fid_enumify)
+};
+
+static const char *kernel_read_file_str[] = {
+	__kernel_read_file_id(__fid_stringify)
 };
 
-extern const char *kernel_read_file_id_str(enum kernel_read_file_id id);
+static inline const char *kernel_read_file_id_str(enum kernel_read_file_id id)
+{
+	if (id < 0 || id >= READING_MAX_ID)
+		return kernel_read_file_str[READING_UNKNOWN];
+
+	return kernel_read_file_str[id];
+}
+
 extern int kernel_read(struct file *, loff_t, char *, unsigned long);
 extern int kernel_read_file(struct file *, void **, loff_t *, loff_t,
 			    enum kernel_read_file_id);
-- 
2.1.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ