integrity: IMA policy

Support for a user loadable policy through securityfs with support for LSM specific policy data. - free invalid rule in ima_parse_add_rule() Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2009-02-04 09:07:00 -0500
committer: James Morris <jmorris@namei.org> 2009-02-06 09:05:31 +1100
commit: 4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
tree: faec95258d2456eb35515f289eb688914ce3b54f /security/integrity/ima/ima.h
parent: bab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 9c280cc73004..42706b554921 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -137,4 +137,28 @@ enum ima_hooks { PATH_CHECK = 1, FILE_MMAP, BPRM_CHECK };
 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
 void ima_init_policy(void);
 void ima_update_policy(void);
+int ima_parse_add_rule(char *);
+void ima_delete_rules(void);
+
+/* LSM based policy rules require audit */
+#ifdef CONFIG_IMA_LSM_RULES
+
+#define security_filter_rule_init security_audit_rule_init
+#define security_filter_rule_match security_audit_rule_match
+
+#else
+
+static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
+					    void **lsmrule)
+{
+	return -EINVAL;
+}
+
+static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
+					     void *lsmrule,
+					     struct audit_context *actx)
+{
+	return -EINVAL;
+}
+#endif /* CONFIG_IMA_LSM_RULES */
 #endif
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2009-02-04 09:07:00 -0500
committer	James Morris <jmorris@namei.org>	2009-02-06 09:05:31 +1100
commit	4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
tree	faec95258d2456eb35515f289eb688914ce3b54f /security/integrity/ima/ima.h
parent	bab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)