diff options
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 23810e0bfc68..b5291ad5ef56 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -12,7 +12,6 @@ | |||
| 12 | */ | 12 | */ |
| 13 | #include <linux/module.h> | 13 | #include <linux/module.h> |
| 14 | #include <linux/list.h> | 14 | #include <linux/list.h> |
| 15 | #include <linux/audit.h> | ||
| 16 | #include <linux/security.h> | 15 | #include <linux/security.h> |
| 17 | #include <linux/magic.h> | 16 | #include <linux/magic.h> |
| 18 | #include <linux/parser.h> | 17 | #include <linux/parser.h> |
| @@ -239,8 +238,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 239 | char *p; | 238 | char *p; |
| 240 | int result = 0; | 239 | int result = 0; |
| 241 | 240 | ||
| 242 | ab = audit_log_start(current->audit_context, GFP_KERNEL, | 241 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); |
| 243 | AUDIT_INTEGRITY_STATUS); | ||
| 244 | 242 | ||
| 245 | entry->action = -1; | 243 | entry->action = -1; |
| 246 | while ((p = strsep(&rule, " \n")) != NULL) { | 244 | while ((p = strsep(&rule, " \n")) != NULL) { |
| @@ -345,15 +343,14 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 345 | AUDIT_SUBJ_TYPE); | 343 | AUDIT_SUBJ_TYPE); |
| 346 | break; | 344 | break; |
| 347 | case Opt_err: | 345 | case Opt_err: |
| 348 | printk(KERN_INFO "%s: unknown token: %s\n", | 346 | audit_log_format(ab, "UNKNOWN=%s ", p); |
| 349 | __FUNCTION__, p); | ||
| 350 | break; | 347 | break; |
| 351 | } | 348 | } |
| 352 | } | 349 | } |
| 353 | if (entry->action == UNKNOWN) | 350 | if (entry->action == UNKNOWN) |
| 354 | result = -EINVAL; | 351 | result = -EINVAL; |
| 355 | 352 | ||
| 356 | audit_log_format(ab, "res=%d", result); | 353 | audit_log_format(ab, "res=%d", !result ? 0 : 1); |
| 357 | audit_log_end(ab); | 354 | audit_log_end(ab); |
| 358 | return result; | 355 | return result; |
| 359 | } | 356 | } |
| @@ -367,7 +364,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 367 | */ | 364 | */ |
| 368 | int ima_parse_add_rule(char *rule) | 365 | int ima_parse_add_rule(char *rule) |
| 369 | { | 366 | { |
| 370 | const char *op = "add_rule"; | 367 | const char *op = "update_policy"; |
| 371 | struct ima_measure_rule_entry *entry; | 368 | struct ima_measure_rule_entry *entry; |
| 372 | int result = 0; | 369 | int result = 0; |
| 373 | int audit_info = 0; | 370 | int audit_info = 0; |
| @@ -394,8 +391,12 @@ int ima_parse_add_rule(char *rule) | |||
| 394 | mutex_lock(&ima_measure_mutex); | 391 | mutex_lock(&ima_measure_mutex); |
| 395 | list_add_tail(&entry->list, &measure_policy_rules); | 392 | list_add_tail(&entry->list, &measure_policy_rules); |
| 396 | mutex_unlock(&ima_measure_mutex); | 393 | mutex_unlock(&ima_measure_mutex); |
| 397 | } else | 394 | } else { |
| 398 | kfree(entry); | 395 | kfree(entry); |
| 396 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, | ||
| 397 | NULL, op, "invalid policy", result, | ||
| 398 | audit_info); | ||
| 399 | } | ||
| 399 | return result; | 400 | return result; |
| 400 | } | 401 | } |
| 401 | 402 | ||