ima_fs.c (bab739378758a1e2b2d7ddcee7bc06cf4c591c3c) ima_fs.c (4af4662fa4a9dc62289c580337ae2506339c4729)
1/*
2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
3 *
4 * Authors:
5 * Kylene Hall <kjhall@us.ibm.com>
6 * Reiner Sailer <sailer@us.ibm.com>
7 * Mimi Zohar <zohar@us.ibm.com>
8 *

--- 5 unchanged lines hidden (view full) ---

14 * File: ima_fs.c
15 * implemenents security file system for reporting
16 * current measurement list and IMA statistics
17 */
18#include <linux/module.h>
19#include <linux/seq_file.h>
20#include <linux/rculist.h>
21#include <linux/rcupdate.h>
1/*
2 * Copyright (C) 2005,2006,2007,2008 IBM Corporation
3 *
4 * Authors:
5 * Kylene Hall <kjhall@us.ibm.com>
6 * Reiner Sailer <sailer@us.ibm.com>
7 * Mimi Zohar <zohar@us.ibm.com>
8 *

--- 5 unchanged lines hidden (view full) ---

14 * File: ima_fs.c
15 * implemenents security file system for reporting
16 * current measurement list and IMA statistics
17 */
18#include <linux/module.h>
19#include <linux/seq_file.h>
20#include <linux/rculist.h>
21#include <linux/rcupdate.h>
22#include <linux/parser.h>
22
23#include "ima.h"
24
23
24#include "ima.h"
25
26static int valid_policy = 1;
25#define TMPBUFLEN 12
26static ssize_t ima_show_htable_value(char __user *buf, size_t count,
27 loff_t *ppos, atomic_long_t *val)
28{
29 char tmpbuf[TMPBUFLEN];
30 ssize_t len;
31
32 len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));

--- 199 unchanged lines hidden (view full) ---

232
233static struct file_operations ima_ascii_measurements_ops = {
234 .open = ima_ascii_measurements_open,
235 .read = seq_read,
236 .llseek = seq_lseek,
237 .release = seq_release,
238};
239
27#define TMPBUFLEN 12
28static ssize_t ima_show_htable_value(char __user *buf, size_t count,
29 loff_t *ppos, atomic_long_t *val)
30{
31 char tmpbuf[TMPBUFLEN];
32 ssize_t len;
33
34 len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));

--- 199 unchanged lines hidden (view full) ---

234
235static struct file_operations ima_ascii_measurements_ops = {
236 .open = ima_ascii_measurements_open,
237 .read = seq_read,
238 .llseek = seq_lseek,
239 .release = seq_release,
240};
241
242static ssize_t ima_write_policy(struct file *file, const char __user *buf,
243 size_t datalen, loff_t *ppos)
244{
245 char *data;
246 int rc;
247
248 if (datalen >= PAGE_SIZE)
249 return -ENOMEM;
250 if (*ppos != 0) {
251 /* No partial writes. */
252 return -EINVAL;
253 }
254 data = kmalloc(datalen + 1, GFP_KERNEL);
255 if (!data)
256 return -ENOMEM;
257
258 if (copy_from_user(data, buf, datalen)) {
259 kfree(data);
260 return -EFAULT;
261 }
262 *(data + datalen) = '\0';
263 rc = ima_parse_add_rule(data);
264 if (rc < 0) {
265 datalen = -EINVAL;
266 valid_policy = 0;
267 }
268
269 kfree(data);
270 return datalen;
271}
272
240static struct dentry *ima_dir;
241static struct dentry *binary_runtime_measurements;
242static struct dentry *ascii_runtime_measurements;
243static struct dentry *runtime_measurements_count;
244static struct dentry *violations;
273static struct dentry *ima_dir;
274static struct dentry *binary_runtime_measurements;
275static struct dentry *ascii_runtime_measurements;
276static struct dentry *runtime_measurements_count;
277static struct dentry *violations;
278static struct dentry *ima_policy;
245
279
280/*
281 * ima_release_policy - start using the new measure policy rules.
282 *
283 * Initially, ima_measure points to the default policy rules, now
284 * point to the new policy rules, and remove the securityfs policy file.
285 */
286static int ima_release_policy(struct inode *inode, struct file *file)
287{
288 if (!valid_policy) {
289 ima_delete_rules();
290 return 0;
291 }
292 ima_update_policy();
293 securityfs_remove(ima_policy);
294 ima_policy = NULL;
295 return 0;
296}
297
298static struct file_operations ima_measure_policy_ops = {
299 .write = ima_write_policy,
300 .release = ima_release_policy
301};
302
246int ima_fs_init(void)
247{
248 ima_dir = securityfs_create_dir("ima", NULL);
249 if (IS_ERR(ima_dir))
250 return -1;
251
252 binary_runtime_measurements =
253 securityfs_create_file("binary_runtime_measurements",

--- 17 unchanged lines hidden (view full) ---

271 goto out;
272
273 violations =
274 securityfs_create_file("violations", S_IRUSR | S_IRGRP,
275 ima_dir, NULL, &ima_htable_violations_ops);
276 if (IS_ERR(violations))
277 goto out;
278
303int ima_fs_init(void)
304{
305 ima_dir = securityfs_create_dir("ima", NULL);
306 if (IS_ERR(ima_dir))
307 return -1;
308
309 binary_runtime_measurements =
310 securityfs_create_file("binary_runtime_measurements",

--- 17 unchanged lines hidden (view full) ---

328 goto out;
329
330 violations =
331 securityfs_create_file("violations", S_IRUSR | S_IRGRP,
332 ima_dir, NULL, &ima_htable_violations_ops);
333 if (IS_ERR(violations))
334 goto out;
335
279 return 0;
336 ima_policy = securityfs_create_file("policy",
337 S_IRUSR | S_IRGRP | S_IWUSR,
338 ima_dir, NULL,
339 &ima_measure_policy_ops);
340 if (IS_ERR(ima_policy))
341 goto out;
280
342
343 return 0;
281out:
282 securityfs_remove(runtime_measurements_count);
283 securityfs_remove(ascii_runtime_measurements);
284 securityfs_remove(binary_runtime_measurements);
285 securityfs_remove(ima_dir);
344out:
345 securityfs_remove(runtime_measurements_count);
346 securityfs_remove(ascii_runtime_measurements);
347 securityfs_remove(binary_runtime_measurements);
348 securityfs_remove(ima_dir);
349 securityfs_remove(ima_policy);
286 return -1;
287}
288
289void __exit ima_fs_cleanup(void)
290{
291 securityfs_remove(violations);
292 securityfs_remove(runtime_measurements_count);
293 securityfs_remove(ascii_runtime_measurements);
294 securityfs_remove(binary_runtime_measurements);
295 securityfs_remove(ima_dir);
350 return -1;
351}
352
353void __exit ima_fs_cleanup(void)
354{
355 securityfs_remove(violations);
356 securityfs_remove(runtime_measurements_count);
357 securityfs_remove(ascii_runtime_measurements);
358 securityfs_remove(binary_runtime_measurements);
359 securityfs_remove(ima_dir);
360 securityfs_remove(ima_policy);
296}
361}
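Review bot: `valid_policy` is cleared to 0 in ima_write_policy when ima_parse_add_rule() fails, but nothing on the new side ever sets it back to 1, so after a single rejected rule every later close of the policy file takes the `!valid_policy` branch in ima_release_policy, deletes the rules again and never reaches ima_update_policy(); the reset belongs next to the delete, `valid_policy = 1;`. In the same write handler `datalen = -EINVAL;` stores a negative errno into a `size_t` and relies on the implicit conversion back to ssize_t at `return datalen;` — a separate `ssize_t ret` variable would make the error path explicit. The static `valid_policy` is also written by ima_write_policy and read by ima_release_policy with no visible serialisation, so two concurrent writers of the policy file could observe each other's result; if ima_parse_add_rule() already serialises this internally, a one-line comment at the declaration saying so would help the next reader.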