| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Apr 2017 17:17:43 -0300
From: Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>
To: linux-security-module@...r.kernel.org
Cc: linux-ima-devel@...ts.sourceforge.net, keyrings@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
David Howells <dhowells@...hat.com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Claudio Carvalho <cclaudio@...ux.vnet.ibm.com>,
Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>
Subject: [PATCH 3/6] ima: Simplify policy_func_show.
If the func_tokens array uses the same indices as enum ima_hooks,
policy_func_show can be a lot simpler, and the func_* enum becomes
unnecessary.
Signed-off-by: Thiago Jung Bauermann <bauerman@...ux.vnet.ibm.com>
---
security/integrity/ima/ima_policy.c | 47 ++++++-------------------------------
1 file changed, 7 insertions(+), 40 deletions(-)
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index cfda5d7b17ec..158eafef64e8 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -896,20 +896,14 @@ static const char *const mask_tokens[] = {
"MAY_APPEND"
};
-enum {
- func_file = 0, func_mmap, func_bprm,
- func_module, func_firmware, func_post,
- func_kexec_kernel, func_kexec_initramfs,
- func_policy
-};
-
static const char *const func_tokens[] = {
+ NULL,
"FILE_CHECK",
"MMAP_CHECK",
"BPRM_CHECK",
+ "POST_SETATTR",
"MODULE_CHECK",
"FIRMWARE_CHECK",
- "POST_SETATTR",
"KEXEC_KERNEL_CHECK",
"KEXEC_INITRAMFS_CHECK",
"POLICY_CHECK"
@@ -949,48 +943,21 @@ void ima_policy_stop(struct seq_file *m, void *v)
#define pt(token) policy_tokens[token + Opt_err].pattern
#define mt(token) mask_tokens[token]
-#define ft(token) func_tokens[token]
/*
* policy_func_show - display the ima_hooks policy rule
*/
static void policy_func_show(struct seq_file *m, enum ima_hooks func)
{
- char tbuf[64] = {0,};
+ if (func > 0 && func < MAX_CHECK)
+ seq_printf(m, pt(Opt_func), func_tokens[func]);
+ else {
+ char tbuf[64] = {0,};
- switch (func) {
- case FILE_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_file));
- break;
- case MMAP_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_mmap));
- break;
- case BPRM_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_bprm));
- break;
- case MODULE_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_module));
- break;
- case FIRMWARE_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_firmware));
- break;
- case POST_SETATTR:
- seq_printf(m, pt(Opt_func), ft(func_post));
- break;
- case KEXEC_KERNEL_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_kexec_kernel));
- break;
- case KEXEC_INITRAMFS_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_kexec_initramfs));
- break;
- case POLICY_CHECK:
- seq_printf(m, pt(Opt_func), ft(func_policy));
- break;
- default:
snprintf(tbuf, sizeof(tbuf), "%d", func);
seq_printf(m, pt(Opt_func), tbuf);
- break;
}
+
seq_puts(m, " ");
}
--
2.7.4
Powered by blists - more mailing lists