[PATCH-v2 5/6] ima: pass template descriptor to ima_alloc_init_template()

From: Roberto Sassu
Date: Tue Nov 19 2013 - 07:36:31 EST


This patch adds the template descriptor as a new argument to the function
ima_alloc_init_template() so that callers can specify the format of the
new measurement entry being generated.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx>
---
security/integrity/ima/ima.h | 6 ++++--
security/integrity/ima/ima_api.c | 15 ++++++++++-----
security/integrity/ima/ima_init.c | 3 ++-
security/integrity/ima/ima_main.c | 2 +-
4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 632d92e..fc2fbf3 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -142,13 +142,15 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
- int xattr_len);
+ int xattr_len, struct ima_template_desc *desc);
void ima_audit_measurement(struct integrity_iint_cache *iint,
const unsigned char *filename);
int ima_alloc_init_template(struct integrity_iint_cache *iint,
struct file *file, const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
- int xattr_len, struct ima_template_entry **entry);
+ int xattr_len,
+ struct ima_template_desc *template_desc,
+ struct ima_template_entry **entry);
int ima_store_template(struct ima_template_entry *entry, int violation,
struct inode *inode, const unsigned char *filename);
const char *ima_d_path(struct path *path, char **pathbuf);
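Review bot: The two prototypes changed in this hunk name the same new argument differently: `desc` in ima_store_measurement() and `template_desc` in ima_alloc_init_template(). Using `template_desc` in both would keep the header consistent with the ima_alloc_init_template() definition in ima_api.c. The visible part of that function only reads the descriptor (`template_desc->num_fields`). If the rest of its body, which is outside these hunks, does not write through it either, the parameter could be declared `const struct ima_template_desc *template_desc` to make the read-only contract explicit.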
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 8037484..444ec53 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -27,11 +27,15 @@
int ima_alloc_init_template(struct integrity_iint_cache *iint,
struct file *file, const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
- int xattr_len, struct ima_template_entry **entry)
+ int xattr_len,
+ struct ima_template_desc *template_desc,
+ struct ima_template_entry **entry)
{
- struct ima_template_desc *template_desc = ima_template_desc_current();
int i, result = 0;

+ if (template_desc == NULL)
+ return -EINVAL;
+
*entry = kzalloc(sizeof(**entry) + template_desc->num_fields *
sizeof(struct ima_field_data), GFP_NOFS);
if (!*entry)
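Review bot: The new `-EINVAL` return for a NULL descriptor is lost in both callers in this file, so a missing template would be reported as an out-of-memory condition. ima_add_violation() overwrites any negative result with `result = -ENOMEM;`, and ima_store_measurement() passes the fixed `audit_cause = "ENOMEM"` string to integrity_audit_msg(), which makes the integrity audit record misleading for anyone triaging it. Consider keeping the returned code in ima_add_violation() and deriving the cause from it, e.g. `audit_cause = (result == -EINVAL) ? "invalid_template" : "ENOMEM";` (the cause string is a suggestion, not an existing one). The early return also leaves `*entry` unassigned, which is worth stating in the function comment; the function body continues past this hunk.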
@@ -120,6 +124,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
{
struct ima_template_entry *entry;
struct inode *inode = file->f_dentry->d_inode;
+ struct ima_template_desc *desc = ima_template_desc_current();
int violation = 1;
int result;

@@ -127,7 +132,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
atomic_long_inc(&ima_htable.violations);

result = ima_alloc_init_template(NULL, file, filename,
- NULL, 0, &entry);
+ NULL, 0, desc, &entry);
if (result < 0) {
result = -ENOMEM;
goto err_out;
@@ -245,7 +250,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
void ima_store_measurement(struct integrity_iint_cache *iint,
struct file *file, const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
- int xattr_len)
+ int xattr_len, struct ima_template_desc *desc)
{
const char *op = "add_template_measure";
const char *audit_cause = "ENOMEM";
@@ -258,7 +263,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
return;

result = ima_alloc_init_template(iint, file, filename,
- xattr_value, xattr_len, &entry);
+ xattr_value, xattr_len, desc, &entry);
if (result < 0) {
integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
op, audit_cause, result, 0);
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 15f34bd..3a4df15 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -44,6 +44,7 @@ static void __init ima_add_boot_aggregate(void)
{
struct ima_template_entry *entry;
struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
+ struct ima_template_desc *desc = ima_template_desc_current();
const char *op = "add_boot_aggregate";
const char *audit_cause = "ENOMEM";
int result = -ENOMEM;
@@ -69,7 +70,7 @@ static void __init ima_add_boot_aggregate(void)
}

result = ima_alloc_init_template(iint, NULL, boot_aggregate_name,
- NULL, 0, &entry);
+ NULL, 0, desc, &entry);
if (result < 0)
return;
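Review bot: A failed ima_alloc_init_template() call makes ima_add_boot_aggregate() return silently here, although `op` and `audit_cause` are declared at the top of the function for this kind of report. The descriptor is now fetched by the caller, so a NULL from ima_template_desc_current() would mean the boot aggregate entry is never added and nothing is logged; whether that function can return NULL is not visible in this patch. Emitting `integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, audit_cause, result, 0);` before the `return;` would leave a trace in the audit log. The rest of the function is outside the hunk.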

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 149ee11..e08ce72 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -226,7 +226,7 @@ static int process_measurement(struct file *file, const char *filename,

if (action & IMA_MEASURE)
ima_store_measurement(iint, file, pathname,
- xattr_value, xattr_len);
+ xattr_value, xattr_len, template_desc);
if (action & IMA_APPRAISE_SUBMASK)
rc = ima_appraise_measurement(_func, iint, file, pathname,
xattr_value, xattr_len);
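Review bot: `template_desc` is passed to ima_store_measurement() here, but neither its declaration nor its assignment in process_measurement() is part of this patch. If an earlier patch in the series introduces it, that is fine; otherwise this hunk does not build on its own and breaks bisection. Since ima_alloc_init_template() now rejects a NULL descriptor, it is also worth confirming that every path reaching this call has set `template_desc`.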
--
1.8.1.4
