diff options
| -rw-r--r-- | security/integrity/ima/ima.h | 5 | ||||
| -rw-r--r-- | security/integrity/ima/ima_api.c | 9 | ||||
| -rw-r--r-- | security/integrity/ima/ima_init.c | 3 | ||||
| -rw-r--r-- | security/integrity/ima/ima_queue.c | 6 |
4 files changed, 13 insertions, 10 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d7bec6f37b61..27d2ffbd0763 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h | |||
| @@ -69,7 +69,8 @@ int ima_fs_init(void); | |||
| 69 | void ima_fs_cleanup(void); | 69 | void ima_fs_cleanup(void); |
| 70 | int ima_inode_alloc(struct inode *inode); | 70 | int ima_inode_alloc(struct inode *inode); |
| 71 | int ima_add_template_entry(struct ima_template_entry *entry, int violation, | 71 | int ima_add_template_entry(struct ima_template_entry *entry, int violation, |
| 72 | const char *op, struct inode *inode); | 72 | const char *op, struct inode *inode, |
| 73 | const unsigned char *filename); | ||
| 73 | int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash); | 74 | int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash); |
| 74 | int ima_calc_buffer_hash(const void *data, int len, | 75 | int ima_calc_buffer_hash(const void *data, int len, |
| 75 | struct ima_digest_data *hash); | 76 | struct ima_digest_data *hash); |
| @@ -107,7 +108,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, | |||
| 107 | void ima_audit_measurement(struct integrity_iint_cache *iint, | 108 | void ima_audit_measurement(struct integrity_iint_cache *iint, |
| 108 | const unsigned char *filename); | 109 | const unsigned char *filename); |
| 109 | int ima_store_template(struct ima_template_entry *entry, int violation, | 110 | int ima_store_template(struct ima_template_entry *entry, int violation, |
| 110 | struct inode *inode); | 111 | struct inode *inode, const unsigned char *filename); |
| 111 | void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show); | 112 | void ima_template_show(struct seq_file *m, void *e, enum ima_show_type show); |
| 112 | const char *ima_d_path(struct path *path, char **pathbuf); | 113 | const char *ima_d_path(struct path *path, char **pathbuf); |
| 113 | 114 | ||
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 98160a3259fe..a0fe5041310a 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c | |||
| @@ -40,7 +40,8 @@ static const char *IMA_TEMPLATE_NAME = "ima"; | |||
| 40 | * Returns 0 on success, error code otherwise | 40 | * Returns 0 on success, error code otherwise |
| 41 | */ | 41 | */ |
| 42 | int ima_store_template(struct ima_template_entry *entry, | 42 | int ima_store_template(struct ima_template_entry *entry, |
| 43 | int violation, struct inode *inode) | 43 | int violation, struct inode *inode, |
| 44 | const unsigned char *filename) | ||
| 44 | { | 45 | { |
| 45 | const char *op = "add_template_measure"; | 46 | const char *op = "add_template_measure"; |
| 46 | const char *audit_cause = "hashing_error"; | 47 | const char *audit_cause = "hashing_error"; |
| @@ -67,7 +68,7 @@ int ima_store_template(struct ima_template_entry *entry, | |||
| 67 | } | 68 | } |
| 68 | memcpy(entry->digest, hash.hdr.digest, hash.hdr.length); | 69 | memcpy(entry->digest, hash.hdr.digest, hash.hdr.length); |
| 69 | } | 70 | } |
| 70 | result = ima_add_template_entry(entry, violation, op, inode); | 71 | result = ima_add_template_entry(entry, violation, op, inode, filename); |
| 71 | return result; | 72 | return result; |
| 72 | } | 73 | } |
| 73 | 74 | ||
| @@ -96,7 +97,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, | |||
| 96 | } | 97 | } |
| 97 | memset(&entry->template, 0, sizeof(entry->template)); | 98 | memset(&entry->template, 0, sizeof(entry->template)); |
| 98 | strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX); | 99 | strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX); |
| 99 | result = ima_store_template(entry, violation, inode); | 100 | result = ima_store_template(entry, violation, inode, filename); |
| 100 | if (result < 0) | 101 | if (result < 0) |
| 101 | kfree(entry); | 102 | kfree(entry); |
| 102 | err_out: | 103 | err_out: |
| @@ -248,7 +249,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, | |||
| 248 | (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ? | 249 | (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ? |
| 249 | file->f_dentry->d_name.name : filename); | 250 | file->f_dentry->d_name.name : filename); |
| 250 | 251 | ||
| 251 | result = ima_store_template(entry, violation, inode); | 252 | result = ima_store_template(entry, violation, inode, filename); |
| 252 | if (!result || result == -EEXIST) | 253 | if (!result || result == -EEXIST) |
| 253 | iint->flags |= IMA_MEASURED; | 254 | iint->flags |= IMA_MEASURED; |
| 254 | if (result < 0) | 255 | if (result < 0) |
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 77cd5005f2db..d42fac308aaa 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c | |||
| @@ -71,7 +71,8 @@ static void __init ima_add_boot_aggregate(void) | |||
| 71 | memcpy(entry->template.digest, hash.hdr.digest, | 71 | memcpy(entry->template.digest, hash.hdr.digest, |
| 72 | hash.hdr.length); | 72 | hash.hdr.length); |
| 73 | } | 73 | } |
| 74 | result = ima_store_template(entry, violation, NULL); | 74 | result = ima_store_template(entry, violation, NULL, |
| 75 | boot_aggregate_name); | ||
| 75 | if (result < 0) | 76 | if (result < 0) |
| 76 | kfree(entry); | 77 | kfree(entry); |
| 77 | return; | 78 | return; |
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index e63ff3369f10..d85e99761f4f 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c | |||
| @@ -104,7 +104,8 @@ static int ima_pcr_extend(const u8 *hash) | |||
| 104 | * and extend the pcr. | 104 | * and extend the pcr. |
| 105 | */ | 105 | */ |
| 106 | int ima_add_template_entry(struct ima_template_entry *entry, int violation, | 106 | int ima_add_template_entry(struct ima_template_entry *entry, int violation, |
| 107 | const char *op, struct inode *inode) | 107 | const char *op, struct inode *inode, |
| 108 | const unsigned char *filename) | ||
| 108 | { | 109 | { |
| 109 | u8 digest[TPM_DIGEST_SIZE]; | 110 | u8 digest[TPM_DIGEST_SIZE]; |
| 110 | const char *audit_cause = "hash_added"; | 111 | const char *audit_cause = "hash_added"; |
| @@ -141,8 +142,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation, | |||
| 141 | } | 142 | } |
| 142 | out: | 143 | out: |
| 143 | mutex_unlock(&ima_extend_list_mutex); | 144 | mutex_unlock(&ima_extend_list_mutex); |
| 144 | integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, | 145 | integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, |
| 145 | entry->template.file_name, | ||
| 146 | op, audit_cause, result, audit_info); | 146 | op, audit_cause, result, audit_info); |
| 147 | return result; | 147 | return result; |
| 148 | } | 148 | } |