aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity/ima
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/ima')
-rw-r--r--security/integrity/ima/ima_api.c4
-rw-r--r--security/integrity/ima/ima_main.c2
-rw-r--r--security/integrity/ima/ima_queue.c17
3 files changed, 15 insertions, 8 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index da36d2c085a..5335605571f 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -177,8 +177,8 @@ void ima_store_measurement(struct ima_iint_cache *iint, struct file *file,
177 strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX); 177 strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
178 178
179 result = ima_store_template(entry, violation, inode); 179 result = ima_store_template(entry, violation, inode);
180 if (!result) 180 if (!result || result == -EEXIST)
181 iint->flags |= IMA_MEASURED; 181 iint->flags |= IMA_MEASURED;
182 else 182 if (result < 0)
183 kfree(entry); 183 kfree(entry);
184} 184}
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 39d66dc2b8e..26b46ff7466 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -86,7 +86,7 @@ static void ima_check_last_writer(struct ima_iint_cache *iint,
86 struct inode *inode, 86 struct inode *inode,
87 struct file *file) 87 struct file *file)
88{ 88{
89 mode_t mode = file->f_mode; 89 fmode_t mode = file->f_mode;
90 90
91 mutex_lock(&iint->mutex); 91 mutex_lock(&iint->mutex);
92 if (mode & FMODE_WRITE && 92 if (mode & FMODE_WRITE &&
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 8e28f04a5e2..55a6271bce7 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
23#include <linux/slab.h> 23#include <linux/slab.h>
24#include "ima.h" 24#include "ima.h"
25 25
26#define AUDIT_CAUSE_LEN_MAX 32
27
26LIST_HEAD(ima_measurements); /* list of all measurements */ 28LIST_HEAD(ima_measurements); /* list of all measurements */
27 29
28/* key: inode (before secure-hashing a file) */ 30/* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash)
94 96
95 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash); 97 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
96 if (result != 0) 98 if (result != 0)
97 pr_err("IMA: Error Communicating to TPM chip\n"); 99 pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
100 result);
98 return result; 101 return result;
99} 102}
100 103
@@ -106,14 +109,16 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
106{ 109{
107 u8 digest[IMA_DIGEST_SIZE]; 110 u8 digest[IMA_DIGEST_SIZE];
108 const char *audit_cause = "hash_added"; 111 const char *audit_cause = "hash_added";
112 char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
109 int audit_info = 1; 113 int audit_info = 1;
110 int result = 0; 114 int result = 0, tpmresult = 0;
111 115
112 mutex_lock(&ima_extend_list_mutex); 116 mutex_lock(&ima_extend_list_mutex);
113 if (!violation) { 117 if (!violation) {
114 memcpy(digest, entry->digest, sizeof digest); 118 memcpy(digest, entry->digest, sizeof digest);
115 if (ima_lookup_digest_entry(digest)) { 119 if (ima_lookup_digest_entry(digest)) {
116 audit_cause = "hash_exists"; 120 audit_cause = "hash_exists";
121 result = -EEXIST;
117 goto out; 122 goto out;
118 } 123 }
119 } 124 }
@@ -128,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
128 if (violation) /* invalidate pcr */ 133 if (violation) /* invalidate pcr */
129 memset(digest, 0xff, sizeof digest); 134 memset(digest, 0xff, sizeof digest);
130 135
131 result = ima_pcr_extend(digest); 136 tpmresult = ima_pcr_extend(digest);
132 if (result != 0) { 137 if (tpmresult != 0) {
133 audit_cause = "TPM error"; 138 snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
139 tpmresult);
140 audit_cause = tpm_audit_cause;
134 audit_info = 0; 141 audit_info = 0;
135 } 142 }
136out: 143out: