diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2012-12-13 11:15:04 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-01-16 17:49:59 -0500 |
| commit | 16cac49f727621c6b0467ffe15ed72c2febb1296 (patch) | |
| tree | dc9b4914116ad2ecb1831184192470900e609a27 /security | |
| parent | b51524635b73cfa27cc393859b277cee9c042820 (diff) | |
ima: rename FILE_MMAP to MMAP_CHECK
Rename FILE_MMAP hook to MMAP_CHECK to be consistent with the other
hook names.
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
| -rw-r--r-- | security/integrity/ima/ima_api.c | 4 | ||||
| -rw-r--r-- | security/integrity/ima/ima_main.c | 2 | ||||
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 7 |
4 files changed, 8 insertions, 7 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3b2adb794f15..1385c5c172f7 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h | |||
| @@ -127,7 +127,7 @@ struct integrity_iint_cache *integrity_iint_insert(struct inode *inode); | |||
| 127 | struct integrity_iint_cache *integrity_iint_find(struct inode *inode); | 127 | struct integrity_iint_cache *integrity_iint_find(struct inode *inode); |
| 128 | 128 | ||
| 129 | /* IMA policy related functions */ | 129 | /* IMA policy related functions */ |
| 130 | enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, MODULE_CHECK, POST_SETATTR }; | 130 | enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, POST_SETATTR }; |
| 131 | 131 | ||
| 132 | int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, | 132 | int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, |
| 133 | int flags); | 133 | int flags); |
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 0cea3db21657..fc722b44c416 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c | |||
| @@ -100,12 +100,12 @@ err_out: | |||
| 100 | * ima_get_action - appraise & measure decision based on policy. | 100 | * ima_get_action - appraise & measure decision based on policy. |
| 101 | * @inode: pointer to inode to measure | 101 | * @inode: pointer to inode to measure |
| 102 | * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) | 102 | * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) |
| 103 | * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK) | 103 | * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK) |
| 104 | * | 104 | * |
| 105 | * The policy is defined in terms of keypairs: | 105 | * The policy is defined in terms of keypairs: |
| 106 | * subj=, obj=, type=, func=, mask=, fsmagic= | 106 | * subj=, obj=, type=, func=, mask=, fsmagic= |
| 107 | * subj,obj, and type: are LSM specific. | 107 | * subj,obj, and type: are LSM specific. |
| 108 | * func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK | 108 | * func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK |
| 109 | * mask: contains the permission mask | 109 | * mask: contains the permission mask |
| 110 | * fsmagic: hex value | 110 | * fsmagic: hex value |
| 111 | * | 111 | * |
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1cd4eb2c3b90..970693d1a320 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -228,7 +228,7 @@ int ima_file_mmap(struct file *file, unsigned long prot) | |||
| 228 | { | 228 | { |
| 229 | if (file && (prot & PROT_EXEC)) | 229 | if (file && (prot & PROT_EXEC)) |
| 230 | return process_measurement(file, file->f_dentry->d_name.name, | 230 | return process_measurement(file, file->f_dentry->d_name.name, |
| 231 | MAY_EXEC, FILE_MMAP); | 231 | MAY_EXEC, MMAP_CHECK); |
| 232 | return 0; | 232 | return 0; |
| 233 | } | 233 | } |
| 234 | 234 | ||
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 70f888de880d..95194539d75e 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -75,7 +75,7 @@ static struct ima_rule_entry default_rules[] = { | |||
| 75 | {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, | 75 | {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC}, |
| 76 | {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, | 76 | {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, |
| 77 | {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, | 77 | {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, |
| 78 | {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, | 78 | {.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC, |
| 79 | .flags = IMA_FUNC | IMA_MASK}, | 79 | .flags = IMA_FUNC | IMA_MASK}, |
| 80 | {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, | 80 | {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, |
| 81 | .flags = IMA_FUNC | IMA_MASK}, | 81 | .flags = IMA_FUNC | IMA_MASK}, |
| @@ -448,8 +448,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) | |||
| 448 | entry->func = FILE_CHECK; | 448 | entry->func = FILE_CHECK; |
| 449 | else if (strcmp(args[0].from, "MODULE_CHECK") == 0) | 449 | else if (strcmp(args[0].from, "MODULE_CHECK") == 0) |
| 450 | entry->func = MODULE_CHECK; | 450 | entry->func = MODULE_CHECK; |
| 451 | else if (strcmp(args[0].from, "FILE_MMAP") == 0) | 451 | else if ((strcmp(args[0].from, "FILE_MMAP") == 0) |
| 452 | entry->func = FILE_MMAP; | 452 | || (strcmp(args[0].from, "MMAP_CHECK") == 0)) |
| 453 | entry->func = MMAP_CHECK; | ||
| 453 | else if (strcmp(args[0].from, "BPRM_CHECK") == 0) | 454 | else if (strcmp(args[0].from, "BPRM_CHECK") == 0) |
| 454 | entry->func = BPRM_CHECK; | 455 | entry->func = BPRM_CHECK; |
| 455 | else | 456 | else |