GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-23 07:12:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

ima: pass the filename argument up to ima_add_template_entry()

Browse source 
Pass the filename argument to ima_add_template_entry() in order to
eliminate a dependency on template specific data (third argument of
integrity_audit_msg).

This change is required because, with the new template management
mechanism, the generation of a new measurement entry will be performed
by new specific functions (introduced in next patches) and the current IMA
code will not be aware anymore of how data is stored in the entry payload.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Roberto Sassu 2013-06-07 12:16:27 +02:00 committed by Mimi Zohar
parent 7d802a227b
commit 9803d413f4
4 changed files with 13 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

9
security/integrity/ima/ima_api.c
View file

@ -40,7 +40,8 @@ static const char *IMA_TEMPLATE_NAME = "ima";
* Returns 0 on success, error code otherwise
*/
int ima_store_template(struct ima_template_entry *entry,
int violation, struct inode *inode)
int violation, struct inode *inode,
const unsigned char *filename)
{
const char *op = "add_template_measure";
const char *audit_cause = "hashing_error";
@ -67,7 +68,7 @@ int ima_store_template(struct ima_template_entry *entry,
}
memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
}
result = ima_add_template_entry(entry, violation, op, inode);
result = ima_add_template_entry(entry, violation, op, inode, filename);
return result;
}
@ -96,7 +97,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
}
memset(&entry->template, 0, sizeof(entry->template));
strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
result = ima_store_template(entry, violation, inode);
result = ima_store_template(entry, violation, inode, filename);
if (result < 0)
kfree(entry);
err_out:
@ -248,7 +249,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
(strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ?
file->f_dentry->d_name.name : filename);
result = ima_store_template(entry, violation, inode);
result = ima_store_template(entry, violation, inode, filename);
if (!result || result == -EEXIST)
iint->flags |= IMA_MEASURED;
if (result < 0)