aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2012-12-13 11:15:04 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2013-01-16 17:49:59 -0500
commit16cac49f727621c6b0467ffe15ed72c2febb1296 (patch)
treedc9b4914116ad2ecb1831184192470900e609a27 /security/integrity
parentb51524635b73cfa27cc393859b277cee9c042820 (diff)
ima: rename FILE_MMAP to MMAP_CHECK
Rename FILE_MMAP hook to MMAP_CHECK to be consistent with the other hook names. Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima.h2
-rw-r--r--security/integrity/ima/ima_api.c4
-rw-r--r--security/integrity/ima/ima_main.c2
-rw-r--r--security/integrity/ima/ima_policy.c7
4 files changed, 8 insertions, 7 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3b2adb794f15..1385c5c172f7 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -127,7 +127,7 @@ struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
127struct integrity_iint_cache *integrity_iint_find(struct inode *inode); 127struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
128 128
129/* IMA policy related functions */ 129/* IMA policy related functions */
130enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, MODULE_CHECK, POST_SETATTR }; 130enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, POST_SETATTR };
131 131
132int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, 132int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
133 int flags); 133 int flags);
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 0cea3db21657..fc722b44c416 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -100,12 +100,12 @@ err_out:
100 * ima_get_action - appraise & measure decision based on policy. 100 * ima_get_action - appraise & measure decision based on policy.
101 * @inode: pointer to inode to measure 101 * @inode: pointer to inode to measure
102 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) 102 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
103 * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK) 103 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
104 * 104 *
105 * The policy is defined in terms of keypairs: 105 * The policy is defined in terms of keypairs:
106 * subj=, obj=, type=, func=, mask=, fsmagic= 106 * subj=, obj=, type=, func=, mask=, fsmagic=
107 * subj,obj, and type: are LSM specific. 107 * subj,obj, and type: are LSM specific.
108 * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK 108 * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
109 * mask: contains the permission mask 109 * mask: contains the permission mask
110 * fsmagic: hex value 110 * fsmagic: hex value
111 * 111 *
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 1cd4eb2c3b90..970693d1a320 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -228,7 +228,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
228{ 228{
229 if (file && (prot & PROT_EXEC)) 229 if (file && (prot & PROT_EXEC))
230 return process_measurement(file, file->f_dentry->d_name.name, 230 return process_measurement(file, file->f_dentry->d_name.name,
231 MAY_EXEC, FILE_MMAP); 231 MAY_EXEC, MMAP_CHECK);
232 return 0; 232 return 0;
233} 233}
234 234
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 70f888de880d..95194539d75e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -75,7 +75,7 @@ static struct ima_rule_entry default_rules[] = {
75 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, 75 {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
76 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, 76 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
77 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, 77 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
78 {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, 78 {.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC,
79 .flags = IMA_FUNC | IMA_MASK}, 79 .flags = IMA_FUNC | IMA_MASK},
80 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, 80 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
81 .flags = IMA_FUNC | IMA_MASK}, 81 .flags = IMA_FUNC | IMA_MASK},
@@ -448,8 +448,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
448 entry->func = FILE_CHECK; 448 entry->func = FILE_CHECK;
449 else if (strcmp(args[0].from, "MODULE_CHECK") == 0) 449 else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
450 entry->func = MODULE_CHECK; 450 entry->func = MODULE_CHECK;
451 else if (strcmp(args[0].from, "FILE_MMAP") == 0) 451 else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
452 entry->func = FILE_MMAP; 452 || (strcmp(args[0].from, "MMAP_CHECK") == 0))
453 entry->func = MMAP_CHECK;
453 else if (strcmp(args[0].from, "BPRM_CHECK") == 0) 454 else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
454 entry->func = BPRM_CHECK; 455 entry->func = BPRM_CHECK;
455 else 456 else