raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-25 19:42:19 +00:00
Code Issues Projects Releases Wiki Activity

ima: Define new template fields xattrnames, xattrlengths and xattrvalues

Browse Source 
This patch defines the new template fields xattrnames, xattrlengths and
xattrvalues, which contain respectively a list of xattr names (strings,
separated by |), lengths (u32, hex) and values (hex). If an xattr is not
present, the name and length are not displayed in the measurement list.

Reported-by: kernel test robot <lkp@intel.com> (Missing prototype def)
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Roberto Sassu
2021-06-01 10:23:38 +02:00
committed by Mimi Zohar
parent 8c7a703ec9
commit 8314b6732a
6 changed files with 162 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
security/integrity/ima/ima_template_lib.c
View File

@@ -11,6 +11,7 @@
#include "ima_template_lib.h"
#include <linux/xattr.h>
#include <linux/evm.h>
static bool ima_template_hash_algo_allowed(u8 algo)
{
@@ -618,3 +619,66 @@ int ima_eventinodemode_init(struct ima_event_data *event_data,
return ima_write_template_field_data((char *)&mode, sizeof(mode),
DATA_FMT_UINT, field_data);
}
static int ima_eventinodexattrs_init_common(struct ima_event_data *event_data,
struct ima_field_data *field_data,
char type)
{
u8 *buffer = NULL;
int rc;
if (!event_data->file)
return 0;
rc = evm_read_protected_xattrs(file_dentry(event_data->file), NULL, 0,
type, ima_canonical_fmt);
if (rc < 0)
return 0;
buffer = kmalloc(rc, GFP_KERNEL);
if (!buffer)
return 0;
rc = evm_read_protected_xattrs(file_dentry(event_data->file), buffer,
rc, type, ima_canonical_fmt);
if (rc < 0) {
rc = 0;
goto out;
}
rc = ima_write_template_field_data((char *)buffer, rc, DATA_FMT_HEX,
field_data);
out:
kfree(buffer);
return rc;
}
/*
* ima_eventinodexattrnames_init - include a list of xattr names as part of the
* template data
*/
int ima_eventinodexattrnames_init(struct ima_event_data *event_data,
struct ima_field_data *field_data)
{
return ima_eventinodexattrs_init_common(event_data, field_data, 'n');
}
/*
* ima_eventinodexattrlengths_init - include a list of xattr lengths as part of
* the template data
*/
int ima_eventinodexattrlengths_init(struct ima_event_data *event_data,
struct ima_field_data *field_data)
{
return ima_eventinodexattrs_init_common(event_data, field_data, 'l');
}
/*
* ima_eventinodexattrvalues_init - include a list of xattr values as part of
* the template data
*/
int ima_eventinodexattrvalues_init(struct ima_event_data *event_data,
struct ima_field_data *field_data)
{
return ima_eventinodexattrs_init_common(event_data, field_data, 'v');
}