| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Apr 2020 11:39:06 +0800
From: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
To: zohar@...ux.ibm.com, dmitry.kasatkin@...il.com, jmorris@...ei.org,
serge@...lyn.com, zhangliguang@...ux.alibaba.com
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] ima: support to read appraise mode
Support to read appraise mode in runtime through securityfs file
'integrity/ima/appraise_mode'.
Signed-off-by: luanshi <zhangliguang@...ux.alibaba.com>
Signed-off-by: Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>
---
security/integrity/ima/ima_fs.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index a71e822a6e92..65384f6ac0d9 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -360,6 +360,7 @@ static struct dentry *ascii_runtime_measurements;
static struct dentry *runtime_measurements_count;
static struct dentry *violations;
static struct dentry *ima_policy;
+static struct dentry *appraise_mode;
enum ima_fs_flags {
IMA_FS_BUSY,
@@ -447,6 +448,29 @@ static const struct file_operations ima_measure_policy_ops = {
.llseek = generic_file_llseek,
};
+static ssize_t ima_appraise_mode_read(struct file *filp,
+ char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ const char *mode;
+
+ if (ima_appraise & IMA_APPRAISE_ENFORCE)
+ mode = "enforce";
+ else if (ima_appraise & IMA_APPRAISE_FIX)
+ mode = "fix";
+ else if (ima_appraise & IMA_APPRAISE_LOG)
+ mode = "log";
+ else
+ mode = "off";
+
+ return simple_read_from_buffer(buf, count, ppos, mode, strlen(mode));
+}
+
+static const struct file_operations ima_appraise_mode_ops = {
+ .read = ima_appraise_mode_read,
+ .llseek = generic_file_llseek,
+};
+
int __init ima_fs_init(void)
{
ima_dir = securityfs_create_dir("ima", integrity_dir);
@@ -491,14 +515,20 @@ int __init ima_fs_init(void)
if (IS_ERR(ima_policy))
goto out;
+ appraise_mode =
+ securityfs_create_file("appraise_mode", S_IRUSR | S_IRGRP,
+ ima_dir, NULL, &ima_appraise_mode_ops);
+ if (IS_ERR(appraise_mode))
+ goto out;
+
return 0;
out:
+ securityfs_remove(ima_policy);
securityfs_remove(violations);
securityfs_remove(runtime_measurements_count);
securityfs_remove(ascii_runtime_measurements);
securityfs_remove(binary_runtime_measurements);
securityfs_remove(ima_symlink);
securityfs_remove(ima_dir);
- securityfs_remove(ima_policy);
return -1;
}
--
2.17.1
Powered by blists - more mailing lists