ima_api.c (bf61c8840efe60fd8f91446860b63338fb424158) | ima_api.c (c7c8bb237fdbff932b5e431aebee5ce862ea07d1) |
---|---|
1/* 2 * Copyright (C) 2008 IBM Corporation 3 * 4 * Author: Mimi Zohar <zohar@us.ibm.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License as 8 * published by the Free Software Foundation, version 2 of the --- 30 unchanged lines hidden (view full) --- 39 * Returns 0 on success, error code otherwise 40 */ 41int ima_store_template(struct ima_template_entry *entry, 42 int violation, struct inode *inode) 43{ 44 const char *op = "add_template_measure"; 45 const char *audit_cause = "hashing_error"; 46 int result; | 1/* 2 * Copyright (C) 2008 IBM Corporation 3 * 4 * Author: Mimi Zohar <zohar@us.ibm.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License as 8 * published by the Free Software Foundation, version 2 of the --- 30 unchanged lines hidden (view full) --- 39 * Returns 0 on success, error code otherwise 40 */ 41int ima_store_template(struct ima_template_entry *entry, 42 int violation, struct inode *inode) 43{ 44 const char *op = "add_template_measure"; 45 const char *audit_cause = "hashing_error"; 46 int result; |
47 struct ima_digest_data hash; |
|
47 48 memset(entry->digest, 0, sizeof(entry->digest)); 49 entry->template_name = IMA_TEMPLATE_NAME; 50 entry->template_len = sizeof(entry->template); 51 52 if (!violation) { 53 result = ima_calc_buffer_hash(&entry->template, | 48 49 memset(entry->digest, 0, sizeof(entry->digest)); 50 entry->template_name = IMA_TEMPLATE_NAME; 51 entry->template_len = sizeof(entry->template); 52 53 if (!violation) { 54 result = ima_calc_buffer_hash(&entry->template, |
54 entry->template_len, 55 entry->digest); | 55 entry->template_len, &hash); |
56 if (result < 0) { 57 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, 58 entry->template_name, op, 59 audit_cause, result, 0); 60 return result; 61 } | 56 if (result < 0) { 57 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, 58 entry->template_name, op, 59 audit_cause, result, 0); 60 return result; 61 } |
62 memcpy(entry->digest, hash.digest, hash.length); |
|
62 } 63 result = ima_add_template_entry(entry, violation, op, inode); 64 return result; 65} 66 67/* 68 * ima_add_violation - add violation to measurement list. 69 * --- 72 unchanged lines hidden (view full) --- 142{ 143 struct inode *inode = file_inode(file); 144 const char *filename = file->f_dentry->d_name.name; 145 int result = 0; 146 147 if (!(iint->flags & IMA_COLLECTED)) { 148 u64 i_version = file_inode(file)->i_version; 149 | 63 } 64 result = ima_add_template_entry(entry, violation, op, inode); 65 return result; 66} 67 68/* 69 * ima_add_violation - add violation to measurement list. 70 * --- 72 unchanged lines hidden (view full) --- 143{ 144 struct inode *inode = file_inode(file); 145 const char *filename = file->f_dentry->d_name.name; 146 int result = 0; 147 148 if (!(iint->flags & IMA_COLLECTED)) { 149 u64 i_version = file_inode(file)->i_version; 150 |
150 iint->ima_xattr.type = IMA_XATTR_DIGEST; 151 result = ima_calc_file_hash(file, iint->ima_xattr.digest); | 151 /* use default hash algorithm */ 152 iint->ima_hash.algo = ima_hash_algo; 153 result = ima_calc_file_hash(file, &iint->ima_hash); |
152 if (!result) { 153 iint->version = i_version; 154 iint->flags |= IMA_COLLECTED; 155 } 156 } 157 if (result) 158 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, 159 filename, "collect_data", "failed", --- 31 unchanged lines hidden (view full) --- 191 192 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 193 if (!entry) { 194 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, 195 op, audit_cause, result, 0); 196 return; 197 } 198 memset(&entry->template, 0, sizeof(entry->template)); | 154 if (!result) { 155 iint->version = i_version; 156 iint->flags |= IMA_COLLECTED; 157 } 158 } 159 if (result) 160 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, 161 filename, "collect_data", "failed", --- 31 unchanged lines hidden (view full) --- 193 194 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 195 if (!entry) { 196 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, 197 op, audit_cause, result, 0); 198 return; 199 } 200 memset(&entry->template, 0, sizeof(entry->template)); |
199 memcpy(entry->template.digest, iint->ima_xattr.digest, IMA_DIGEST_SIZE); | 201 if (iint->ima_hash.algo != ima_hash_algo) { 202 struct ima_digest_data hash; 203 204 hash.algo = ima_hash_algo; 205 result = ima_calc_file_hash(file, &hash); 206 if (result) 207 integrity_audit_msg(AUDIT_INTEGRITY_DATA, inode, 208 filename, "collect_data", "failed", 209 result, 0); 210 else 211 memcpy(entry->template.digest, hash.digest, 212 hash.length); 213 } else 214 memcpy(entry->template.digest, iint->ima_hash.digest, 215 iint->ima_hash.length); |
200 strcpy(entry->template.file_name, 201 (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ? 202 file->f_dentry->d_name.name : filename); 203 204 result = ima_store_template(entry, violation, inode); 205 if (!result || result == -EEXIST) 206 iint->flags |= IMA_MEASURED; 207 if (result < 0) 208 kfree(entry); 209} 210 211void ima_audit_measurement(struct integrity_iint_cache *iint, 212 const unsigned char *filename) 213{ 214 struct audit_buffer *ab; | 216 strcpy(entry->template.file_name, 217 (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ? 218 file->f_dentry->d_name.name : filename); 219 220 result = ima_store_template(entry, violation, inode); 221 if (!result || result == -EEXIST) 222 iint->flags |= IMA_MEASURED; 223 if (result < 0) 224 kfree(entry); 225} 226 227void ima_audit_measurement(struct integrity_iint_cache *iint, 228 const unsigned char *filename) 229{ 230 struct audit_buffer *ab; |
215 char hash[(IMA_DIGEST_SIZE * 2) + 1]; | 231 char hash[(iint->ima_hash.length * 2) + 1]; |
216 int i; 217 218 if (iint->flags & IMA_AUDITED) 219 return; 220 | 232 int i; 233 234 if (iint->flags & IMA_AUDITED) 235 return; 236 |
221 for (i = 0; i < IMA_DIGEST_SIZE; i++) 222 hex_byte_pack(hash + (i * 2), iint->ima_xattr.digest[i]); | 237 for (i = 0; i < iint->ima_hash.length; i++) 238 hex_byte_pack(hash + (i * 2), iint->ima_hash.digest[i]); |
223 hash[i * 2] = '\0'; 224 225 ab = audit_log_start(current->audit_context, GFP_KERNEL, 226 AUDIT_INTEGRITY_RULE); 227 if (!ab) 228 return; 229 230 audit_log_format(ab, "file="); --- 26 unchanged lines hidden --- | 239 hash[i * 2] = '\0'; 240 241 ab = audit_log_start(current->audit_context, GFP_KERNEL, 242 AUDIT_INTEGRITY_RULE); 243 if (!ab) 244 return; 245 246 audit_log_format(ab, "file="); --- 26 unchanged lines hidden --- |
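Review bot: The three new `memcpy` calls (new lines 62, 211-212 and 214-215) take their length from `hash.length` or `iint->ima_hash.length`, where the old code copied a fixed `IMA_DIGEST_SIZE`, and nothing visible checks that length against the destination field. If the configured `ima_hash_algo` can yield a digest longer than `entry->digest` or `entry->template.digest` (their sizes are not shown on this page, so this needs confirming against the struct definitions), the copy writes past the field inside the kmalloc'd measurement entry. A guard before each copy would make the bound explicit, for example `if (hash.length > sizeof(entry->digest)) return -EINVAL;` in ima_store_template. Separately, when the re-hash at new line 205 fails, the code only logs and still calls ima_store_template with the zeroed template digest, after which `IMA_MEASURED` may be set; consider `kfree(entry); return;` on that path. Both functions extend into the hidden lines, so the struct layouts and callers should be checked there.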