xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: switch to new template management mechanism

Browse Source 
This patch performs the switch to the new template mechanism by modifying
the functions ima_alloc_init_template(), ima_measurements_show() and
ima_ascii_measurements_show(). The old function ima_template_show() was
removed as it is no longer needed. Also, if the template descriptor used
to generate a measurement entry is not 'ima', the whole length of field
data stored for an entry is provided before the data itself through the
binary_runtime_measurement interface.

Changelog:
- unnecessary to use strncmp() (Mimi Zohar)
- create new variable 'field' in ima_alloc_init_template() (Roberto Sassu)
- use GFP_NOFS flag in ima_alloc_init_template() (Roberto Sassu)
- new variable 'num_fields' in ima_store_template() (Roberto Sassu,
  proposed by Mimi Zohar)
- rename ima_calc_buffer_hash/template_hash() to ima_calc_field_array_hash(),
  something more generic (Mimi, requested by Dmitry)
- sparse error fix - Fengguang Wu
- fix lindent warnings
- always include the field length in the template data length
- include the template field length variable size in the template data length
- include both the template field data and field length in the template digest
  calculation. Simplifies verifying the template digest. (Mimi)

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Roberto Sassu
2013-06-07 12:16:33 +02:00
committed by Mimi Zohar
parent 4d7aeee73f
commit a71dc65d30
5 changed files with 107 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
security/integrity/ima/ima_template.c
View File

@@ -31,6 +31,20 @@ static struct ima_template_field supported_fields[] = {
.field_show = ima_show_template_string},
};
static struct ima_template_desc *ima_template;
static struct ima_template_desc *lookup_template_desc(const char *name)
{
int i;
for (i = 0; i < ARRAY_SIZE(defined_templates); i++) {
if (strcmp(defined_templates[i].name, name) == 0)
return defined_templates + i;
}
return NULL;
}
static struct ima_template_field *lookup_template_field(const char *field_id)
{
int i;
@@ -110,6 +124,14 @@ static int init_defined_templates(void)
return result;
}
struct ima_template_desc *ima_template_desc_current(void)
{
if (!ima_template)
ima_template = lookup_template_desc(IMA_TEMPLATE_IMA_NAME);
return ima_template;
}
int ima_init_template(void)
{
int result;