author | Roberto Sassu <roberto.sassu@polito.it> | 2013-06-07 06:16:26 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-10-25 17:17:02 -0400 |
commit | 7d802a227b7f26c89f13dab09767e6b0aebd9c9f (patch) | |
tree | 755c29562e348bc3b3f30c5a402d00d8eea77b75 /security/integrity | |
parent | 09ef54359c4ad49c01a12503b2c510b424ecf059 (diff) |
ima: pass the file descriptor to ima_add_violation()
Pass the file descriptor instead of the inode to ima_add_violation(),
to make the latter consistent with ima_store_measurement() in
preparation for the new template architecture.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_api.c | 3 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 5 |
3 files changed, 5 insertions, 5 deletions
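--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -74,7 +74,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
 int ima_calc_buffer_hash(const void *data, int len,
 struct ima_digest_data *hash);
 int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
-void ima_add_violation(struct inode *inode, const unsigned char *filename,
+void ima_add_violation(struct file *file, const unsigned char *filename,
 const char *op, const char *cause);
 int ima_init_crypto(void);
 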
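--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -78,10 +78,11 @@ int ima_store_template(struct ima_template_entry *entry,
 * By extending the PCR with 0xFF's instead of with zeroes, the PCR
 * value is invalidated.
 */
-void ima_add_violation(struct inode *inode, const unsigned char *filename,
+void ima_add_violation(struct file *file, const unsigned char *filename,
 const char *op, const char *cause)
 {
 struct ima_template_entry *entry;
+struct inode *inode = file->f_dentry->d_inode;
 int violation = 1;
 int result;
 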
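Review bot: The added initializer `struct inode *inode = file->f_dentry->d_inode;` dereferences `file` and its dentry unconditionally, so ima_add_violation() now requires a valid, open file from every caller, which the old inode-taking signature did not. The two call sites updated in ima_main.c appear to pass the file under check, but a NULL here would oops on the very path that is meant to invalidate the PCR. The comment block above the function (only its tail is visible in this hunk) should record the requirement, for example ` * @file must be a valid, open struct file; it is dereferenced to reach the inode.` As a style point, `file_inode(file)` would avoid open-coding the dentry walk, if that helper is available in this tree. The function body continues outside the hunk.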
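--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -94,10 +94,9 @@ out:
 pathname = dentry->d_name.name;
 
 if (send_tomtou)
-ima_add_violation(inode, pathname,
-"invalid_pcr", "ToMToU");
+ima_add_violation(file, pathname, "invalid_pcr", "ToMToU");
 if (send_writers)
-ima_add_violation(inode, pathname,
+ima_add_violation(file, pathname,
 "invalid_pcr", "open_writers");
 kfree(pathbuf);
 }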