Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752703AbdGYPsH (ORCPT ); Tue, 25 Jul 2017 11:48:07 -0400 Received: from lhrrgout.huawei.com ([194.213.3.17]:32201 "EHLO lhrrgout.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752888AbdGYPsE (ORCPT ); Tue, 25 Jul 2017 11:48:04 -0400 From: Roberto Sassu To: CC: , , , , Roberto Sassu Subject: [PATCH 01/12] ima: generalize ima_read_policy() Date: Tue, 25 Jul 2017 17:44:12 +0200 Message-ID: <20170725154423.24845-2-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.9.3 In-Reply-To: <20170725154423.24845-1-roberto.sassu@huawei.com> References: <20170725154423.24845-1-roberto.sassu@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.204.65.245] X-CFilter-Loop: Reflected X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A020203.59776832.008E,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32 X-Mirapoint-Loop-Id: 793ccf4dc919323c7b8b62fc37da6057 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2044 Lines: 63 Rename ima_read_policy() to ima_read_file(), and add file_id as new parameter. If file_id is equal to READING_POLICY, ima_read_file() behavior is the same of that without the patch. ima_read_file() will be used to read digest lists, to avoid reporting measurements when the file digest is known. Signed-off-by: Roberto Sassu --- security/integrity/ima/ima_fs.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index ad491c5..058d3c1 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -272,7 +272,7 @@ static const struct file_operations ima_ascii_measurements_ops = { .release = seq_release, }; -static ssize_t ima_read_policy(char *path) +static ssize_t ima_read_file(char *path, enum kernel_read_file_id file_id) { void *data; char *datap; @@ -285,16 +285,22 @@ static ssize_t ima_read_policy(char *path) datap = path; strsep(&datap, "\n"); - rc = kernel_read_file_from_path(path, &data, &size, 0, READING_POLICY); + rc = kernel_read_file_from_path(path, &data, &size, 0, file_id); if (rc < 0) { pr_err("Unable to open file: %s (%d)", path, rc); return rc; } datap = data; - while (size > 0 && (p = strsep(&datap, "\n"))) { - pr_debug("rule: %s\n", p); - rc = ima_parse_add_rule(p); + while (size > 0) { + if (file_id == READING_POLICY) { + p = strsep(&datap, "\n"); + if (p == NULL) + break; + + pr_debug("rule: %s\n", p); + rc = ima_parse_add_rule(p); + } if (rc < 0) break; size -= rc; @@ -334,7 +340,7 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, goto out_free; if (data[0] == '/') { - result = ima_read_policy(data); + result = ima_read_file(data, READING_POLICY); } else if (ima_appraise & IMA_APPRAISE_POLICY) { pr_err("IMA: signed policy file (specified as an absolute pathname) required\n"); integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, -- 2.9.3