author | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-21 11:18:12 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2013-02-21 11:18:12 -0500 |
commit | 33673dcb372b5d8179c22127ca71deb5f3dc7016 (patch) | |
tree | d182e9dc6aa127375a92b5eb619d6cd2ddc23ce7 /security/integrity/ima/ima_api.c | |
parent | fe9453a1dcb5fb146f9653267e78f4a558066f6f (diff) | |
parent | 5b2660326039a32b28766cb4c1a8b1bdcfadc375 (diff) |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"This is basically a maintenance update for the TPM driver and EVM/IMA"
Fix up conflicts in lib/digsig.c and security/integrity/ima/ima_main.c
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (45 commits)
tpm/ibmvtpm: build only when IBM pseries is configured
ima: digital signature verification using asymmetric keys
ima: rename hash calculation functions
ima: use new crypto_shash API instead of old crypto_hash
ima: add policy support for file system uuid
evm: add file system uuid to EVM hmac
tpm_tis: check pnp_acpi_device return code
char/tpm/tpm_i2c_stm_st33: drop temporary variable for return value
char/tpm/tpm_i2c_stm_st33: remove dead assignment in tpm_st33_i2c_probe
char/tpm/tpm_i2c_stm_st33: Remove __devexit attribute
char/tpm/tpm_i2c_stm_st33: Don't use memcpy for one byte assignment
tpm_i2c_stm_st33: removed unused variables/code
TPM: Wait for TPM_ACCESS tpmRegValidSts to go high at startup
tpm: Fix cancellation of TPM commands (interrupt mode)
tpm: Fix cancellation of TPM commands (polling mode)
tpm: Store TPM vendor ID
TPM: Work around buggy TPMs that block during continue self test
tpm_i2c_stm_st33: fix oops when i2c client is unavailable
char/tpm: Use struct dev_pm_ops for power management
TPM: STMicroelectronics ST33 I2C BUILD STUFF
...
Diffstat (limited to 'security/integrity/ima/ima_api.c')
-rw-r--r-- | security/integrity/ima/ima_api.c | 27 |
1 files changed, 22 insertions, 5 deletions
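--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -50,8 +50,8 @@ int ima_store_template(struct ima_template_entry *entry,
 	entry->template_len = sizeof(entry->template);
 
 	if (!violation) {
-		result = ima_calc_template_hash(entry->template_len,
-						&entry->template,
+		result = ima_calc_buffer_hash(&entry->template,
+					      entry->template_len,
 					      entry->digest);
 		if (result < 0) {
 			integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
@@ -100,12 +100,12 @@ err_out:
  * ima_get_action - appraise & measure decision based on policy.
  * @inode: pointer to inode to measure
  * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
- * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK)
+ * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
  *
  * The policy is defined in terms of keypairs:
  * 	subj=, obj=, type=, func=, mask=, fsmagic=
  * 	subj,obj, and type: are LSM specific.
- * 	func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK
+ * 	func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
  * 	mask: contains the permission mask
  * 	fsmagic: hex value
  *
@@ -148,7 +148,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
 	u64 i_version = file->f_dentry->d_inode->i_version;
 
 	iint->ima_xattr.type = IMA_XATTR_DIGEST;
-	result = ima_calc_hash(file, iint->ima_xattr.digest);
+	result = ima_calc_file_hash(file, iint->ima_xattr.digest);
 	if (!result) {
 		iint->version = i_version;
 		iint->flags |= IMA_COLLECTED;
@@ -237,3 +237,20 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
 
 	iint->flags |= IMA_AUDITED;
 }
+
+const char *ima_d_path(struct path *path, char **pathbuf)
+{
+	char *pathname = NULL;
+
+	/* We will allow 11 spaces for ' (deleted)' to be appended */
+	*pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
+	if (*pathbuf) {
+		pathname = d_path(path, *pathbuf, PATH_MAX + 11);
+		if (IS_ERR(pathname)) {
+			kfree(*pathbuf);
+			*pathbuf = NULL;
+			pathname = NULL;
+		}
+	}
+	return pathname;
+}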
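Review bot: The new ima_d_path() in the last hunk has no kernel-doc header stating its ownership contract, although the neighbouring ima_get_action() in the second hunk documents itself that way. The visible code shows that on success the returned string points into the buffer stored in *pathbuf, which the caller must kfree(), and that on kmalloc failure or an IS_ERR() result from d_path() both *pathbuf and the return value are NULL, so the returned name is only valid while *pathbuf is alive; a header along the lines of `/* Returns a name inside *pathbuf, which the caller must kfree(); NULL and *pathbuf == NULL on failure. */` would make that explicit to callers. The literal 11 is also repeated in the kmalloc() size and the d_path() length with only the comment tying them together; hoisting it once, e.g. `const size_t buflen = PATH_MAX + 11;`, then `*pathbuf = kmalloc(buflen, GFP_KERNEL);` and `pathname = d_path(path, *pathbuf, buflen);`, keeps the two sizes from drifting apart. The first and third hunks cut through ima_store_template() and ima_collect_measurement(), whose bodies continue outside the hunk.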