Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_main.c29
-rw-r--r--security/integrity/ima/ima_queue.c3
2 files changed, 30 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 6f611874d10e..101c512564ec 100644
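--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -238,7 +238,34 @@ out:
 }
 
 /*
- * ima_opens_get - increment file counts
+ * ima_counts_put - decrement file counts
+ *
+ * File counts are incremented in ima_path_check. On file open
+ * error, such as ETXTBSY, decrement the counts to prevent
+ * unnecessary imbalance messages.
+ */
+void ima_counts_put(struct path *path, int mask)
+{
+ struct inode *inode = path->dentry->d_inode;
+ struct ima_iint_cache *iint;
+
+ if (!ima_initialized || !S_ISREG(inode->i_mode))
+ return;
+ iint = ima_iint_find_insert_get(inode);
+ if (!iint)
+ return;
+
+ mutex_lock(&iint->mutex);
+ iint->opencount--;
+ if ((mask & MAY_WRITE) || (mask == 0))
+ iint->writecount--;
+ else if (mask & (MAY_READ | MAY_EXEC))
+ iint->readcount--;
+ mutex_unlock(&iint->mutex);
+}
+
+/*
+ * ima_counts_get - increment file counts
  *
  * - for IPC shm and shmat file.
  * - for nfsd exported files.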
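Review bot: ima_counts_put never releases the iint it obtains from `ima_iint_find_insert_get(inode)`; it unlocks the mutex and returns. If that helper hands back a counted reference, as its `_get` suffix suggests (its definition is not in this hunk), every failed open leaks one reference, so the matching put belongs right after `mutex_unlock(&iint->mutex);`. The decrements are also unconditional, and since the lookup appears able to insert a fresh entry, a call with no earlier ima_path_check would push `opencount` and `writecount`/`readcount` below zero and distort the accounting these counters exist for. A one-line comment saying why `mask == 0` is counted as a write would also help the next reader.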
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 7ec94314ac0c..a0880e9c8e05 100644
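--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -134,7 +134,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
  }
 out:
  mutex_unlock(&ima_extend_list_mutex);
- integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, entry->template_name,
+ integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
+ entry->template.file_name,
  op, audit_cause, result, audit_info);
  return result;
 }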
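Review bot: The audit record written at the `out:` label of ima_add_template_entry now carries `entry->template.file_name`, which presumably holds a name chosen by whoever created the file rather than a fixed template label. integrity_audit_msg is not shown on this page, so it is worth confirming that it emits this argument as an escaped, untrusted string and that `file_name` is always NUL-terminated; otherwise a crafted name could corrupt or spoof fields in the audit log. A comment at the call would record the assumption, for example `/* file_name is untrusted; integrity_audit_msg must escape it */`. The function body starts outside the hunk.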