diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-05-19 13:25:57 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-05-21 19:43:41 -0400 |
| commit | b9fc745db833bbf74b4988493b8cd902a84c9415 (patch) | |
| tree | 45a15174efb3b1c3dcbe5f0dc503e790c4f6fd70 /fs | |
| parent | 932995f0ce52525b32ff5127b522c2c164de3810 (diff) | |
integrity: path_check update
- Add support in ima_path_check() for integrity checking without
incrementing the counts. (Required for nfsd.)
- rename and export opencount_get to ima_counts_get
- replace ima_shm_check calls with ima_counts_get
- export ima_path_check
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/exec.c | 5 | ||||
| -rw-r--r-- | fs/namei.c | 6 |
2 files changed, 7 insertions, 4 deletions
| @@ -130,7 +130,8 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) | |||
| 130 | MAY_READ | MAY_EXEC | MAY_OPEN); | 130 | MAY_READ | MAY_EXEC | MAY_OPEN); |
| 131 | if (error) | 131 | if (error) |
| 132 | goto exit; | 132 | goto exit; |
| 133 | error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN); | 133 | error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN, |
| 134 | IMA_COUNT_UPDATE); | ||
| 134 | if (error) | 135 | if (error) |
| 135 | goto exit; | 136 | goto exit; |
| 136 | 137 | ||
| @@ -680,7 +681,7 @@ struct file *open_exec(const char *name) | |||
| 680 | err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); | 681 | err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); |
| 681 | if (err) | 682 | if (err) |
| 682 | goto out_path_put; | 683 | goto out_path_put; |
| 683 | err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN); | 684 | err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN, IMA_COUNT_UPDATE); |
| 684 | if (err) | 685 | if (err) |
| 685 | goto out_path_put; | 686 | goto out_path_put; |
| 686 | 687 | ||
diff --git a/fs/namei.c b/fs/namei.c index 78f253cd2d4f..b05a2b1dea64 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -853,7 +853,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd) | |||
| 853 | err = inode_permission(nd->path.dentry->d_inode, | 853 | err = inode_permission(nd->path.dentry->d_inode, |
| 854 | MAY_EXEC); | 854 | MAY_EXEC); |
| 855 | if (!err) | 855 | if (!err) |
| 856 | err = ima_path_check(&nd->path, MAY_EXEC); | 856 | err = ima_path_check(&nd->path, MAY_EXEC, |
| 857 | IMA_COUNT_UPDATE); | ||
| 857 | if (err) | 858 | if (err) |
| 858 | break; | 859 | break; |
| 859 | 860 | ||
| @@ -1515,7 +1516,8 @@ int may_open(struct path *path, int acc_mode, int flag) | |||
| 1515 | return error; | 1516 | return error; |
| 1516 | 1517 | ||
| 1517 | error = ima_path_check(path, | 1518 | error = ima_path_check(path, |
| 1518 | acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)); | 1519 | acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC), |
| 1520 | IMA_COUNT_UPDATE); | ||
| 1519 | if (error) | 1521 | if (error) |
| 1520 | return error; | 1522 | return error; |
| 1521 | /* | 1523 | /* |