Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_api.c | 4 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 4 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 9 |
4 files changed, 11 insertions, 8 deletions
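--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -130,7 +130,7 @@ void iint_free(struct kref *kref);
 void iint_rcu_free(struct rcu_head *rcu);
 
 /* IMA policy related functions */
-enum ima_hooks { PATH_CHECK = 1, FILE_MMAP, BPRM_CHECK };
+enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK };
 
 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask);
 void ima_init_policy(void);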
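--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -95,12 +95,12 @@ err_out:
 * ima_must_measure - measure decision based on policy.
 * @inode: pointer to inode to measure
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
-* @function: calling function (PATH_CHECK, BPRM_CHECK, FILE_MMAP)
+* @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP)
 *
 * The policy is defined in terms of keypairs:
 * subj=, obj=, type=, func=, mask=, fsmagic=
 * subj,obj, and type: are LSM specific.
-* func: PATH_CHECK | BPRM_CHECK | FILE_MMAP
+* func: FILE_CHECK | BPRM_CHECK | FILE_MMAP
 * mask: contains the permission mask
 * fsmagic: hex value
 *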
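--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -153,7 +153,7 @@ void ima_counts_get(struct file *file)
 if (!iint)
 return;
 mutex_lock(&iint->mutex);
-rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK);
+rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK);
 if (rc < 0)
 goto out;
 
@@ -312,7 +312,7 @@ int ima_file_check(struct file *file, int mask)
 
 rc = process_measurement(file, file->f_dentry->d_name.name,
 mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
-PATH_CHECK);
+FILE_CHECK);
 return 0;
 }
 EXPORT_SYMBOL_GPL(ima_file_check);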
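--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -67,7 +67,7 @@ static struct ima_measure_rule_entry default_rules[] = {
 .flags = IMA_FUNC | IMA_MASK},
 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
 .flags = IMA_FUNC | IMA_MASK},
-{.action = MEASURE,.func = PATH_CHECK,.mask = MAY_READ,.uid = 0,
+{.action = MEASURE,.func = FILE_CHECK,.mask = MAY_READ,.uid = 0,
 .flags = IMA_FUNC | IMA_MASK | IMA_UID},
 };
 
@@ -282,8 +282,11 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 break;
 case Opt_func:
 audit_log_format(ab, "func=%s ", args[0].from);
-if (strcmp(args[0].from, "PATH_CHECK") == 0)
-entry->func = PATH_CHECK;
+if (strcmp(args[0].from, "FILE_CHECK") == 0)
+entry->func = FILE_CHECK;
+/* PATH_CHECK is for backwards compat */
+else if (strcmp(args[0].from, "PATH_CHECK") == 0)
+entry->func = FILE_CHECK;
 else if (strcmp(args[0].from, "FILE_MMAP") == 0)
 entry->func = FILE_MMAP;
 else if (strcmp(args[0].from, "BPRM_CHECK") == 0)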
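Review bot: The legacy `PATH_CHECK` spelling is accepted silently in the `Opt_func` case of ima_parse_rule, and the `audit_log_format(ab, "func=%s ", args[0].from)` line above it logs the name exactly as the rule wrote it. Anything that reads policy-load audit records will therefore see either `func=PATH_CHECK` or `func=FILE_CHECK` for the same hook and has to match both. The comment could say so, for example `/* PATH_CHECK is a deprecated alias for FILE_CHECK; the audit record keeps the spelling used in the rule */`. Since both branches assign the same value, they could be folded into one condition, `if (strcmp(args[0].from, "FILE_CHECK") == 0 || strcmp(args[0].from, "PATH_CHECK") == 0)`, which also avoids a comment sitting between an `if` body and its `else`. The diffstat is limited to 'security', so it is not visible here whether the policy ABI documentation now lists both names; ima_parse_rule itself starts and ends outside the hunk.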