Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_api.c | 4 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_queue.c | 17 |
3 files changed, 15 insertions, 8 deletions
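--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -177,8 +177,8 @@ void ima_store_measurement(struct ima_iint_cache *iint, struct file *file,
 strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
 
 result = ima_store_template(entry, violation, inode);
-if (!result)
+if (!result || result == -EEXIST)
 iint->flags |= IMA_MEASURED;
-else
+if (result < 0)
 kfree(entry);
 }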
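Review bot: Replacing `else` with `if (result < 0)` in front of `kfree(entry)` means a positive return from ima_store_template() is now neither marked measured nor freed, where the old `else` freed the entry on every non-zero result. ima_store_template() is not visible here, so if it can only return 0 or a negative errno this is harmless, but the code should say so, or keep the free unconditional for every result other than 0. The -EEXIST case also deserves a comment above the test, for example `/* -EEXIST: digest already on the measurement list; the file counts as measured and the duplicate entry is freed below */`. The body of ima_store_measurement starts outside the hunk.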
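--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -86,7 +86,7 @@ static void ima_check_last_writer(struct ima_iint_cache *iint,
 struct inode *inode,
 struct file *file)
 {
-mode_t mode = file->f_mode;
+fmode_t mode = file->f_mode;
 
 mutex_lock(&iint->mutex);
 if (mode & FMODE_WRITE &&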
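--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
 #include <linux/slab.h>
 #include "ima.h"
 
+#define AUDIT_CAUSE_LEN_MAX 32
+
 LIST_HEAD(ima_measurements); /* list of all measurements */
 
 /* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash)
 
 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 if (result != 0)
-pr_err("IMA: Error Communicating to TPM chip\n");
+pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+result);
 return result;
 }
 
@@ -106,14 +109,16 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 {
 u8 digest[IMA_DIGEST_SIZE];
 const char *audit_cause = "hash_added";
+char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 int audit_info = 1;
-int result = 0;
+int result = 0, tpmresult = 0;
 
 mutex_lock(&ima_extend_list_mutex);
 if (!violation) {
 memcpy(digest, entry->digest, sizeof digest);
 if (ima_lookup_digest_entry(digest)) {
 audit_cause = "hash_exists";
+result = -EEXIST;
 goto out;
 }
 }
@@ -128,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 if (violation) /* invalidate pcr */
 memset(digest, 0xff, sizeof digest);
 
-result = ima_pcr_extend(digest);
-if (result != 0) {
-audit_cause = "TPM error";
+tpmresult = ima_pcr_extend(digest);
+if (tpmresult != 0) {
+snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
+tpmresult);
+audit_cause = tpm_audit_cause;
 audit_info = 0;
 }
 out: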
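Review bot: In the last hunk of ima_add_template_entry the TPM status now lives in `tpmresult` and is never copied into `result`, so a failed ima_pcr_extend() appears to reach the caller only through the audit cause string. The return statement is after `out:` and outside the hunk, but if it returns `result`, ima_store_measurement will set IMA_MEASURED for an entry whose digest never reached the PCR, and the measurement list and the PCR value diverge without the caller knowing. If that is intended, a comment above the call should state it, for example `/* a TPM failure is audited but not returned to the caller; the list and the PCR will no longer match */`. As a smaller point, `snprintf(tpm_audit_cause, sizeof(tpm_audit_cause), "TPM_error(%d)", tpmresult);` ties the bound to the buffer instead of repeating the macro.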