xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
派生 0
代码 工单 合并请求 工作流 软件包 项目 发布 百科 活动

ima: use dynamically allocated hash storage

浏览代码 
For each inode in the IMA policy, an iint is allocated.  To support
larger hash digests, the iint digest size changed from 20 bytes to
the maximum supported hash digest size.  Instead of allocating the
maximum size, which most likely is not needed, this patch dynamically
allocates the needed hash storage.

Changelog:
- fix krealloc bug

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
这个提交包含在:
Dmitry Kasatkin
2013-04-25 10:44:04 +03:00
提交者 Mimi Zohar
父节点 b1aaab22e2
当前提交 a35c3fb649
修改 4 个文件,包含 49 行新增30 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

16
security/integrity/ima/ima_appraise.c
查看文件

@@ -45,10 +45,10 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func)
static int ima_fix_xattr(struct dentry *dentry,
struct integrity_iint_cache *iint)
{
iint->ima_hash.type = IMA_XATTR_DIGEST;
iint->ima_hash->type = IMA_XATTR_DIGEST;
return __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
&iint->ima_hash.type,
1 + iint->ima_hash.length, 0);
&iint->ima_hash->type,
1 + iint->ima_hash->length, 0);
}
/* Return specific func appraised cached result */
@@ -186,13 +186,13 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
status = INTEGRITY_FAIL;
break;
}
if (xattr_len - 1 >= iint->ima_hash.length)
if (xattr_len - 1 >= iint->ima_hash->length)
/* xattr length may be longer. md5 hash in previous
version occupied 20 bytes in xattr, instead of 16
*/
rc = memcmp(xattr_value->digest,
iint->ima_hash.digest,
iint->ima_hash.length);
iint->ima_hash->digest,
iint->ima_hash->length);
else
rc = -EINVAL;
if (rc) {
@@ -206,8 +206,8 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
iint->flags |= IMA_DIGSIG;
rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
(const char *)xattr_value, rc,
iint->ima_hash.digest,
iint->ima_hash.length);
iint->ima_hash->digest,
iint->ima_hash->length);
if (rc == -EOPNOTSUPP) {
status = INTEGRITY_UNKNOWN;
} else if (rc) {