From 16cac49f727621c6b0467ffe15ed72c2febb1296 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Thu, 13 Dec 2012 11:15:04 -0500 Subject: ima: rename FILE_MMAP to MMAP_CHECK Rename FILE_MMAP hook to MMAP_CHECK to be consistent with the other hook names. Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'security/integrity/ima/ima_api.c') diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 0cea3db21657..fc722b44c416 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -100,12 +100,12 @@ err_out: * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) - * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK) + * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK) * * The policy is defined in terms of keypairs: * subj=, obj=, type=, func=, mask=, fsmagic= * subj,obj, and type: are LSM specific. - * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK + * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK * mask: contains the permission mask * fsmagic: hex value * -- cgit v1.2.3 From ea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0 Mon Sep 17 00:00:00 2001 From: Dmitry Kasatkin Date: Tue, 4 Sep 2012 00:40:17 +0300 Subject: ima: move full pathname resolution to separate function Define a new function ima_d_path(), which returns the full pathname. This function will be used further, for example, by the directory verification code. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_api.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'security/integrity/ima/ima_api.c') diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index fc722b44c416..9382a4c568b2 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -237,3 +237,20 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, iint->flags |= IMA_AUDITED; } + +const char *ima_d_path(struct path *path, char **pathbuf) +{ + char *pathname = NULL; + + /* We will allow 11 spaces for ' (deleted)' to be appended */ + *pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL); + if (*pathbuf) { + pathname = d_path(path, *pathbuf, PATH_MAX + 11); + if (IS_ERR(pathname)) { + kfree(*pathbuf); + *pathbuf = NULL; + pathname = NULL; + } + } + return pathname; +} -- cgit v1.2.3 From 50af554466804bf51a52fa3d1d0a76f96bd33929 Mon Sep 17 00:00:00 2001 From: Dmitry Kasatkin Date: Mon, 14 May 2012 14:13:56 +0300 Subject: ima: rename hash calculation functions Rename hash calculation functions to reflect meaning and change argument order in conventional way. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_api.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'security/integrity/ima/ima_api.c') diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 9382a4c568b2..d9030b29d84d 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -50,8 +50,8 @@ int ima_store_template(struct ima_template_entry *entry, entry->template_len = sizeof(entry->template); if (!violation) { - result = ima_calc_template_hash(entry->template_len, - &entry->template, + result = ima_calc_buffer_hash(&entry->template, + entry->template_len, entry->digest); if (result < 0) { integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, @@ -148,7 +148,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, u64 i_version = file->f_dentry->d_inode->i_version; iint->ima_xattr.type = IMA_XATTR_DIGEST; - result = ima_calc_hash(file, iint->ima_xattr.digest); + result = ima_calc_file_hash(file, iint->ima_xattr.digest); if (!result) { iint->version = i_version; iint->flags |= IMA_COLLECTED; -- cgit v1.2.3