aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity/ima/ima_api.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/ima/ima_api.c')
-rw-r--r--security/integrity/ima/ima_api.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 0e7540863fc2..c38bbce8c6a6 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -22,6 +22,19 @@
22#include "ima.h" 22#include "ima.h"
23 23
24/* 24/*
25 * ima_free_template_entry - free an existing template entry
26 */
27void ima_free_template_entry(struct ima_template_entry *entry)
28{
29 int i;
30
31 for (i = 0; i < entry->template_desc->num_fields; i++)
32 kfree(entry->template_data[i].data);
33
34 kfree(entry);
35}
36
37/*
25 * ima_alloc_init_template - create and initialize a new template entry 38 * ima_alloc_init_template - create and initialize a new template entry
26 */ 39 */
27int ima_alloc_init_template(struct integrity_iint_cache *iint, 40int ima_alloc_init_template(struct integrity_iint_cache *iint,
@@ -37,6 +50,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
37 if (!*entry) 50 if (!*entry)
38 return -ENOMEM; 51 return -ENOMEM;
39 52
53 (*entry)->template_desc = template_desc;
40 for (i = 0; i < template_desc->num_fields; i++) { 54 for (i = 0; i < template_desc->num_fields; i++) {
41 struct ima_template_field *field = template_desc->fields[i]; 55 struct ima_template_field *field = template_desc->fields[i];
42 u32 len; 56 u32 len;
@@ -51,10 +65,9 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
51 (*entry)->template_data_len += sizeof(len); 65 (*entry)->template_data_len += sizeof(len);
52 (*entry)->template_data_len += len; 66 (*entry)->template_data_len += len;
53 } 67 }
54 (*entry)->template_desc = template_desc;
55 return 0; 68 return 0;
56out: 69out:
57 kfree(*entry); 70 ima_free_template_entry(*entry);
58 *entry = NULL; 71 *entry = NULL;
59 return result; 72 return result;
60} 73}
@@ -94,6 +107,7 @@ int ima_store_template(struct ima_template_entry *entry,
94 /* this function uses default algo */ 107 /* this function uses default algo */
95 hash.hdr.algo = HASH_ALGO_SHA1; 108 hash.hdr.algo = HASH_ALGO_SHA1;
96 result = ima_calc_field_array_hash(&entry->template_data[0], 109 result = ima_calc_field_array_hash(&entry->template_data[0],
110 entry->template_desc,
97 num_fields, &hash.hdr); 111 num_fields, &hash.hdr);
98 if (result < 0) { 112 if (result < 0) {
99 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, 113 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
@@ -133,7 +147,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
133 } 147 }
134 result = ima_store_template(entry, violation, inode, filename); 148 result = ima_store_template(entry, violation, inode, filename);
135 if (result < 0) 149 if (result < 0)
136 kfree(entry); 150 ima_free_template_entry(entry);
137err_out: 151err_out:
138 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, 152 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
139 op, cause, result, 0); 153 op, cause, result, 0);
@@ -268,7 +282,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
268 if (!result || result == -EEXIST) 282 if (!result || result == -EEXIST)
269 iint->flags |= IMA_MEASURED; 283 iint->flags |= IMA_MEASURED;
270 if (result < 0) 284 if (result < 0)
271 kfree(entry); 285 ima_free_template_entry(entry);
272} 286}
273 287
274void ima_audit_measurement(struct integrity_iint_cache *iint, 288void ima_audit_measurement(struct integrity_iint_cache *iint,
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-28 14:39:34 -0500