xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: wrap event related data to the new ima_event_data structure

Browse Source 
All event related data has been wrapped into the new 'ima_event_data'
structure. The main benefit of this patch is that a new information
can be made available to template fields initialization functions
by simply adding a new field to the new structure instead of modifying
the definition of those functions.

Changelog:
 - v2:
   - f_dentry replaced with f_path.dentry (Roberto Sassu)
   - removed declaration of temporary variables in template field functions
     when possible (suggested by Dmitry Kasatkin)

Signed-off-by: Roberto Sassu <rsassu@suse.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Roberto Sassu
2015-04-11 17:09:50 +02:00
committed by Mimi Zohar
parent 9d03a721a3
commit 23b5741932
5 changed files with 61 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
security/integrity/ima/ima_api.c
View File

@@ -37,10 +37,8 @@ void ima_free_template_entry(struct ima_template_entry *entry)
/*
* ima_alloc_init_template - create and initialize a new template entry
*/
int ima_alloc_init_template(struct integrity_iint_cache *iint,
struct file *file, const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
int xattr_len, struct ima_template_entry **entry)
int ima_alloc_init_template(struct ima_event_data *event_data,
struct ima_template_entry **entry)
{
struct ima_template_desc *template_desc = ima_template_desc_current();
int i, result = 0;
@@ -55,8 +53,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
struct ima_template_field *field = template_desc->fields[i];
u32 len;
result = field->field_init(iint, file, filename,
xattr_value, xattr_len,
result = field->field_init(event_data,
&((*entry)->template_data[i]));
if (result != 0)
goto out;
@@ -133,14 +130,14 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
{
struct ima_template_entry *entry;
struct inode *inode = file_inode(file);
struct ima_event_data event_data = {NULL, file, filename, NULL, 0};
int violation = 1;
int result;
/* can overflow, only indicator */
atomic_long_inc(&ima_htable.violations);
result = ima_alloc_init_template(NULL, file, filename,
NULL, 0, &entry);
result = ima_alloc_init_template(&event_data, &entry);
if (result < 0) {
result = -ENOMEM;
goto err_out;
@@ -267,13 +264,14 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
int result = -ENOMEM;
struct inode *inode = file_inode(file);
struct ima_template_entry *entry;
struct ima_event_data event_data = {iint, file, filename,
xattr_value, xattr_len};
int violation = 0;
if (iint->flags & IMA_MEASURED)
return;
result = ima_alloc_init_template(iint, file, filename,
xattr_value, xattr_len, &entry);
result = ima_alloc_init_template(&event_data, &entry);
if (result < 0) {
integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
op, audit_cause, result, 0);