author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-21 12:06:02 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-21 12:06:02 -0500 |
commit | fb2e2c85375a0380d6818f153ffa2ae9ebbd055f (patch) | |
tree | cf8498a01357c220e4d664ff67125f60146f0da3 /security/integrity/ima/ima_template_lib.c | |
parent | ec513b16c480c6cdda1e3d597e611eafca05227b (diff) | |
parent | 923b49ff69fcbffe6f8b2739de218c45544392a7 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris:
"Changes for this kernel include maintenance updates for Smack, SELinux
(and several networking fixes), IMA and TPM"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits)
SELinux: Fix memory leak upon loading policy
tpm/tpm-sysfs: active_show() can be static
tpm: tpm_tis: Fix compile problems with CONFIG_PM_SLEEP/CONFIG_PNP
tpm: Make tpm-dev allocate a per-file structure
tpm: Use the ops structure instead of a copy in tpm_vendor_specific
tpm: Create a tpm_class_ops structure and use it in the drivers
tpm: Pull all driver sysfs code into tpm-sysfs.c
tpm: Move sysfs functions from tpm-interface to tpm-sysfs
tpm: Pull everything related to /dev/tpmX into tpm-dev.c
char: tpm: nuvoton: remove unused variable
tpm: MAINTAINERS: Cleanup TPM Maintainers file
tpm/tpm_i2c_atmel: fix coccinelle warnings
tpm/tpm_ibmvtpm: fix unreachable code warning (smatch warning)
tpm/tpm_i2c_stm_st33: Check return code of get_burstcount
tpm/tpm_ppi: Check return value of acpi_get_name
tpm/tpm_ppi: Do not compare strcmp(a,b) == -1
ima: remove unneeded size_limit argument from ima_eventdigest_init_common()
ima: update IMA-templates.txt documentation
ima: pass HASH_ALGO__LAST as hash algo in ima_eventdigest_init()
ima: change the default hash algorithm to SHA1 in ima_eventdigest_ng_init()
...
Diffstat (limited to 'security/integrity/ima/ima_template_lib.c')
-rw-r--r-- | security/integrity/ima/ima_template_lib.c | 18 |
1 files changed, 8 insertions, 10 deletions
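--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -162,8 +162,7 @@ void ima_show_template_sig(struct seq_file *m, enum ima_show_type show,
 }
 
 static int ima_eventdigest_init_common(u8 *digest, u32 digestsize, u8 hash_algo,
-struct ima_field_data *field_data,
-bool size_limit)
+struct ima_field_data *field_data)
 {
 /*
 * digest formats:
@@ -176,11 +175,10 @@ static int ima_eventdigest_init_common(u8 *digest, u32 digestsize, u8 hash_algo,
 enum data_formats fmt = DATA_FMT_DIGEST;
 u32 offset = 0;
 
-if (!size_limit) {
+if (hash_algo < HASH_ALGO__LAST) {
 fmt = DATA_FMT_DIGEST_WITH_ALGO;
-if (hash_algo < HASH_ALGO__LAST)
-offset += snprintf(buffer, CRYPTO_MAX_ALG_NAME + 1,
-"%s", hash_algo_name[hash_algo]);
+offset += snprintf(buffer, CRYPTO_MAX_ALG_NAME + 1, "%s",
+hash_algo_name[hash_algo]);
 buffer[offset] = ':';
 offset += 2;
 }
@@ -243,8 +241,8 @@ int ima_eventdigest_init(struct integrity_iint_cache *iint, struct file *file,
 cur_digest = hash.hdr.digest;
 cur_digestsize = hash.hdr.length;
 out:
-return ima_eventdigest_init_common(cur_digest, cur_digestsize, -1,
-field_data, true);
+return ima_eventdigest_init_common(cur_digest, cur_digestsize,
+HASH_ALGO__LAST, field_data);
 }
 
 /*
@@ -255,7 +253,7 @@ int ima_eventdigest_ng_init(struct integrity_iint_cache *iint,
 struct evm_ima_xattr_data *xattr_value,
 int xattr_len, struct ima_field_data *field_data)
 {
-u8 *cur_digest = NULL, hash_algo = HASH_ALGO__LAST;
+u8 *cur_digest = NULL, hash_algo = HASH_ALGO_SHA1;
 u32 cur_digestsize = 0;
 
 /* If iint is NULL, we are recording a violation. */
@@ -268,7 +266,7 @@ int ima_eventdigest_ng_init(struct integrity_iint_cache *iint,
 hash_algo = iint->ima_hash->algo;
 out:
 return ima_eventdigest_init_common(cur_digest, cur_digestsize,
-hash_algo, field_data, false);
+hash_algo, field_data);
 }
 
 static int ima_eventname_init_common(struct integrity_iint_cache *iint,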
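Review bot: In ima_eventdigest_init_common() the hash_algo argument now doubles as the format selector, so any value at or above HASH_ALGO__LAST silently produces the legacy un-prefixed digest (DATA_FMT_DIGEST). That includes the ima_eventdigest_ng_init() path, where hash_algo is copied from `iint->ima_hash->algo`. If that field could ever hold an out-of-range value, the ng entry would be recorded without its algorithm prefix rather than being rejected, and a verifier parsing the measurement list would presumably misread it; whether the value is validated earlier is not visible in these hunks. I would state the contract above the check, e.g. `/* hash_algo == HASH_ALGO__LAST selects the legacy format without the "algo:" prefix */`, and consider a guard in the ng caller before the final call such as `if (hash_algo >= HASH_ALGO__LAST) hash_algo = HASH_ALGO_SHA1;`. Both function bodies continue outside the hunks shown, including the declaration of `buffer`.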