diff options
| -rw-r--r-- | security/integrity/ima/Kconfig | 3 | ||||
| -rw-r--r-- | security/integrity/ima/Makefile | 3 | ||||
| -rw-r--r-- | security/integrity/ima/ima.h | 9 | ||||
| -rw-r--r-- | security/integrity/ima/ima_audit.c | 3 |
4 files changed, 13 insertions, 5 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index 35664fe6daa1..b9c1219924f1 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig | |||
| @@ -38,8 +38,9 @@ config IMA_MEASURE_PCR_IDX | |||
| 38 | measurement list. If unsure, use the default 10. | 38 | measurement list. If unsure, use the default 10. |
| 39 | 39 | ||
| 40 | config IMA_AUDIT | 40 | config IMA_AUDIT |
| 41 | bool | 41 | bool "Enables auditing support" |
| 42 | depends on IMA | 42 | depends on IMA |
| 43 | depends on AUDIT | ||
| 43 | default y | 44 | default y |
| 44 | help | 45 | help |
| 45 | This option adds a kernel parameter 'ima_audit', which | 46 | This option adds a kernel parameter 'ima_audit', which |
diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile index 5690c021de8f..5f740f6971e1 100644 --- a/security/integrity/ima/Makefile +++ b/security/integrity/ima/Makefile | |||
| @@ -6,4 +6,5 @@ | |||
| 6 | obj-$(CONFIG_IMA) += ima.o | 6 | obj-$(CONFIG_IMA) += ima.o |
| 7 | 7 | ||
| 8 | ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ | 8 | ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \ |
| 9 | ima_policy.o ima_audit.o | 9 | ima_policy.o |
| 10 | ima-$(CONFIG_IMA_AUDIT) += ima_audit.o | ||
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3ccf7acac6df..e7c99fd0d223 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h | |||
| @@ -61,10 +61,19 @@ struct ima_queue_entry { | |||
| 61 | }; | 61 | }; |
| 62 | extern struct list_head ima_measurements; /* list of all measurements */ | 62 | extern struct list_head ima_measurements; /* list of all measurements */ |
| 63 | 63 | ||
| 64 | #ifdef CONFIG_IMA_AUDIT | ||
| 64 | /* declarations */ | 65 | /* declarations */ |
| 65 | void integrity_audit_msg(int audit_msgno, struct inode *inode, | 66 | void integrity_audit_msg(int audit_msgno, struct inode *inode, |
| 66 | const unsigned char *fname, const char *op, | 67 | const unsigned char *fname, const char *op, |
| 67 | const char *cause, int result, int info); | 68 | const char *cause, int result, int info); |
| 69 | #else | ||
| 70 | static inline void integrity_audit_msg(int audit_msgno, struct inode *inode, | ||
| 71 | const unsigned char *fname, | ||
| 72 | const char *op, const char *cause, | ||
| 73 | int result, int info) | ||
| 74 | { | ||
| 75 | } | ||
| 76 | #endif | ||
| 68 | 77 | ||
| 69 | /* Internal IMA function definitions */ | 78 | /* Internal IMA function definitions */ |
| 70 | int ima_init(void); | 79 | int ima_init(void); |
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c index 21e96bf188df..7a57f6769e9c 100644 --- a/security/integrity/ima/ima_audit.c +++ b/security/integrity/ima/ima_audit.c | |||
| @@ -17,8 +17,6 @@ | |||
| 17 | 17 | ||
| 18 | static int ima_audit; | 18 | static int ima_audit; |
| 19 | 19 | ||
| 20 | #ifdef CONFIG_IMA_AUDIT | ||
| 21 | |||
| 22 | /* ima_audit_setup - enable informational auditing messages */ | 20 | /* ima_audit_setup - enable informational auditing messages */ |
| 23 | static int __init ima_audit_setup(char *str) | 21 | static int __init ima_audit_setup(char *str) |
| 24 | { | 22 | { |
| @@ -29,7 +27,6 @@ static int __init ima_audit_setup(char *str) | |||
| 29 | return 1; | 27 | return 1; |
| 30 | } | 28 | } |
| 31 | __setup("ima_audit=", ima_audit_setup); | 29 | __setup("ima_audit=", ima_audit_setup); |
| 32 | #endif | ||
| 33 | 30 | ||
| 34 | void integrity_audit_msg(int audit_msgno, struct inode *inode, | 31 | void integrity_audit_msg(int audit_msgno, struct inode *inode, |
| 35 | const unsigned char *fname, const char *op, | 32 | const unsigned char *fname, const char *op, |