aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_main.c52
1 files changed, 4 insertions, 48 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index e041233b4d2a..16dc57d247d0 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -50,19 +50,12 @@ static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode)
50} 50}
51 51
52/* 52/*
53 * Update the counts given open flags instead of fmode
54 */
55static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags)
56{
57 ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE));
58}
59
60/*
61 * Decrement ima counts 53 * Decrement ima counts
62 */ 54 */
63static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, 55static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
64 fmode_t mode) 56 struct file *file)
65{ 57{
58 mode_t mode = file->f_mode;
66 BUG_ON(!mutex_is_locked(&iint->mutex)); 59 BUG_ON(!mutex_is_locked(&iint->mutex));
67 60
68 iint->opencount--; 61 iint->opencount--;
@@ -92,12 +85,6 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
92 } 85 }
93} 86}
94 87
95static void ima_dec_counts_flags(struct ima_iint_cache *iint,
96 struct inode *inode, int flags)
97{
98 ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE));
99}
100
101/** 88/**
102 * ima_file_free - called on __fput() 89 * ima_file_free - called on __fput()
103 * @file: pointer to file structure being freed 90 * @file: pointer to file structure being freed
@@ -117,7 +104,7 @@ void ima_file_free(struct file *file)
117 return; 104 return;
118 105
119 mutex_lock(&iint->mutex); 106 mutex_lock(&iint->mutex);
120 ima_dec_counts(iint, inode, file->f_mode); 107 ima_dec_counts(iint, inode, file);
121 mutex_unlock(&iint->mutex); 108 mutex_unlock(&iint->mutex);
122 kref_put(&iint->refcount, iint_free); 109 kref_put(&iint->refcount, iint_free);
123} 110}
@@ -183,7 +170,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
183 * Always return 0 and audit dentry_open failures. 170 * Always return 0 and audit dentry_open failures.
184 * (Return code will be based upon measurement appraisal.) 171 * (Return code will be based upon measurement appraisal.)
185 */ 172 */
186int ima_path_check(struct path *path, int mask, int update_counts) 173int ima_path_check(struct path *path, int mask)
187{ 174{
188 struct inode *inode = path->dentry->d_inode; 175 struct inode *inode = path->dentry->d_inode;
189 struct ima_iint_cache *iint; 176 struct ima_iint_cache *iint;
@@ -197,8 +184,6 @@ int ima_path_check(struct path *path, int mask, int update_counts)
197 return 0; 184 return 0;
198 185
199 mutex_lock(&iint->mutex); 186 mutex_lock(&iint->mutex);
200 if (update_counts)
201 ima_inc_counts_flags(iint, mask);
202 187
203 rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); 188 rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK);
204 if (rc < 0) 189 if (rc < 0)
@@ -269,35 +254,6 @@ out:
269} 254}
270 255
271/* 256/*
272 * ima_counts_put - decrement file counts
273 *
274 * File counts are incremented in ima_path_check. On file open
275 * error, such as ETXTBSY, decrement the counts to prevent
276 * unnecessary imbalance messages.
277 */
278void ima_counts_put(struct path *path, int mask)
279{
280 struct inode *inode = path->dentry->d_inode;
281 struct ima_iint_cache *iint;
282
283 /* The inode may already have been freed, freeing the iint
284 * with it. Verify the inode is not NULL before dereferencing
285 * it.
286 */
287 if (!ima_initialized || !inode || !S_ISREG(inode->i_mode))
288 return;
289 iint = ima_iint_find_get(inode);
290 if (!iint)
291 return;
292
293 mutex_lock(&iint->mutex);
294 ima_dec_counts_flags(iint, inode, mask);
295 mutex_unlock(&iint->mutex);
296
297 kref_put(&iint->refcount, iint_free);
298}
299
300/*
301 * ima_counts_get - increment file counts 257 * ima_counts_get - increment file counts
302 * 258 *
303 * - for IPC shm and shmat file. 259 * - for IPC shm and shmat file.