diff options
Diffstat (limited to 'security/integrity/ima/ima_api.c')
| -rw-r--r-- | security/integrity/ima/ima_api.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 5fcc80695d87..0e7540863fc2 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c | |||
| @@ -26,7 +26,8 @@ | |||
| 26 | */ | 26 | */ |
| 27 | int ima_alloc_init_template(struct integrity_iint_cache *iint, | 27 | int ima_alloc_init_template(struct integrity_iint_cache *iint, |
| 28 | struct file *file, const unsigned char *filename, | 28 | struct file *file, const unsigned char *filename, |
| 29 | struct ima_template_entry **entry) | 29 | struct evm_ima_xattr_data *xattr_value, |
| 30 | int xattr_len, struct ima_template_entry **entry) | ||
| 30 | { | 31 | { |
| 31 | struct ima_template_desc *template_desc = ima_template_desc_current(); | 32 | struct ima_template_desc *template_desc = ima_template_desc_current(); |
| 32 | int i, result = 0; | 33 | int i, result = 0; |
| @@ -41,6 +42,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint, | |||
| 41 | u32 len; | 42 | u32 len; |
| 42 | 43 | ||
| 43 | result = field->field_init(iint, file, filename, | 44 | result = field->field_init(iint, file, filename, |
| 45 | xattr_value, xattr_len, | ||
| 44 | &((*entry)->template_data[i])); | 46 | &((*entry)->template_data[i])); |
| 45 | if (result != 0) | 47 | if (result != 0) |
| 46 | goto out; | 48 | goto out; |
| @@ -123,7 +125,8 @@ void ima_add_violation(struct file *file, const unsigned char *filename, | |||
| 123 | /* can overflow, only indicator */ | 125 | /* can overflow, only indicator */ |
| 124 | atomic_long_inc(&ima_htable.violations); | 126 | atomic_long_inc(&ima_htable.violations); |
| 125 | 127 | ||
| 126 | result = ima_alloc_init_template(NULL, file, filename, &entry); | 128 | result = ima_alloc_init_template(NULL, file, filename, |
| 129 | NULL, 0, &entry); | ||
| 127 | if (result < 0) { | 130 | if (result < 0) { |
| 128 | result = -ENOMEM; | 131 | result = -ENOMEM; |
| 129 | goto err_out; | 132 | goto err_out; |
| @@ -239,7 +242,9 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, | |||
| 239 | * Must be called with iint->mutex held. | 242 | * Must be called with iint->mutex held. |
| 240 | */ | 243 | */ |
| 241 | void ima_store_measurement(struct integrity_iint_cache *iint, | 244 | void ima_store_measurement(struct integrity_iint_cache *iint, |
| 242 | struct file *file, const unsigned char *filename) | 245 | struct file *file, const unsigned char *filename, |
| 246 | struct evm_ima_xattr_data *xattr_value, | ||
| 247 | int xattr_len) | ||
| 243 | { | 248 | { |
| 244 | const char *op = "add_template_measure"; | 249 | const char *op = "add_template_measure"; |
| 245 | const char *audit_cause = "ENOMEM"; | 250 | const char *audit_cause = "ENOMEM"; |
| @@ -251,7 +256,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint, | |||
| 251 | if (iint->flags & IMA_MEASURED) | 256 | if (iint->flags & IMA_MEASURED) |
| 252 | return; | 257 | return; |
| 253 | 258 | ||
| 254 | result = ima_alloc_init_template(iint, file, filename, &entry); | 259 | result = ima_alloc_init_template(iint, file, filename, |
| 260 | xattr_value, xattr_len, &entry); | ||
| 255 | if (result < 0) { | 261 | if (result < 0) { |
| 256 | integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, | 262 | integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, |
| 257 | op, audit_cause, result, 0); | 263 | op, audit_cause, result, 0); |