integrity: IMA policy

Support for a user loadable policy through securityfs with support for LSM specific policy data. - free invalid rule in ima_parse_add_rule() Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2009-02-04 09:07:00 -0500
committer: James Morris <jmorris@namei.org> 2009-02-05 17:05:31 -0500
commit: 4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
tree: faec95258d2456eb35515f289eb688914ce3b54f /security/integrity/ima/ima.h
parent: bab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 9c280cc73004..42706b554921 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -137,4 +137,28 @@ enum ima_hooks { PATH_CHECK = 1, FILE_MMAP, BPRM_CHECK };
 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
 void ima_init_policy(void);
 void ima_update_policy(void);
+int ima_parse_add_rule(char *);
+void ima_delete_rules(void);
+/* LSM based policy rules require audit */
+#ifdef CONFIG_IMA_LSM_RULES
+#define security_filter_rule_init security_audit_rule_init
+#define security_filter_rule_match security_audit_rule_match
+#else
+static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
+                                            void **lsmrule)
+{
+        return -EINVAL;
+}
+static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
+                                             void *lsmrule,
+                                             struct audit_context *actx)
+{
+        return -EINVAL;
+}
+#endif /* CONFIG_IMA_LSM_RULES */
 #endif
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2009-02-04 09:07:00 -0500
committer	James Morris <jmorris@namei.org>	2009-02-05 17:05:31 -0500
commit	4af4662fa4a9dc62289c580337ae2506339c4729 (patch)
tree	faec95258d2456eb35515f289eb688914ce3b54f /security/integrity/ima/ima.h
parent	bab739378758a1e2b2d7ddcee7bc06cf4c591c3c (diff)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 9c280cc73004..42706b554921 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -137,4 +137,28 @@ enum ima_hooks { PATH_CHECK = 1, FILE_MMAP, BPRM_CHECK };
137	int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);	137	int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
138	void ima_init_policy(void);	138	void ima_init_policy(void);
139	void ima_update_policy(void);	139	void ima_update_policy(void);
		140	int ima_parse_add_rule(char *);
		141	void ima_delete_rules(void);
		142
		143	/* LSM based policy rules require audit */
		144	#ifdef CONFIG_IMA_LSM_RULES
		145
		146	#define security_filter_rule_init security_audit_rule_init
		147	#define security_filter_rule_match security_audit_rule_match
		148
		149	#else
		150
		151	static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
		152	void **lsmrule)
		153	{
		154	return -EINVAL;
		155	}
		156
		157	static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
		158	void *lsmrule,
		159	struct audit_context *actx)
		160	{
		161	return -EINVAL;
		162	}
		163	#endif /* CONFIG_IMA_LSM_RULES */
140	#endif	164	#endif