summaryrefslogtreecommitdiff
path: root/security/integrity/ima/ima_main.c
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2012-09-04 00:40:17 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2013-01-16 17:50:03 -0500
commitea1046d4c57ee6e3d5f68f19dd9a45bbab0b71a0 (patch)
tree5779ef0eadc9b871f0b1b06cc0107d0c28dfc726 /security/integrity/ima/ima_main.c
parentee866331749b07373743ce18ceaffb1dd841d855 (diff)
ima: move full pathname resolution to separate function
Define a new function ima_d_path(), which returns the full pathname. This function will be used further, for example, by the directory verification code. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
-rw-r--r--security/integrity/ima/ima_main.c51
1 files changed, 20 insertions, 31 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 970693d1a320..d743c9a0a4b4 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -61,7 +61,8 @@ static void ima_rdwr_violation_check(struct file *file)
fmode_t mode = file->f_mode;
int must_measure;
bool send_tomtou = false, send_writers = false;
- unsigned char *pathname = NULL, *pathbuf = NULL;
+ char *pathbuf = NULL;
+ const char *pathname;
if (!S_ISREG(inode->i_mode) || !ima_initialized)
return;
@@ -86,22 +87,15 @@ out:
if (!send_tomtou && !send_writers)
return;
- /* We will allow 11 spaces for ' (deleted)' to be appended */
- pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
- if (pathbuf) {
- pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11);
- if (IS_ERR(pathname))
- pathname = NULL;
- else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
- pathname = NULL;
- }
+ pathname = ima_d_path(&file->f_path, &pathbuf);
+ if (!pathname || strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
+ pathname = dentry->d_name.name;
+
if (send_tomtou)
- ima_add_violation(inode,
- !pathname ? dentry->d_name.name : pathname,
+ ima_add_violation(inode, pathname,
"invalid_pcr", "ToMToU");
if (send_writers)
- ima_add_violation(inode,
- !pathname ? dentry->d_name.name : pathname,
+ ima_add_violation(inode, pathname,
"invalid_pcr", "open_writers");
kfree(pathbuf);
}
@@ -145,12 +139,13 @@ void ima_file_free(struct file *file)
ima_check_last_writer(iint, inode, file);
}
-static int process_measurement(struct file *file, const unsigned char *filename,
+static int process_measurement(struct file *file, const char *filename,
int mask, int function)
{
struct inode *inode = file->f_dentry->d_inode;
struct integrity_iint_cache *iint;
- unsigned char *pathname = NULL, *pathbuf = NULL;
+ char *pathbuf = NULL;
+ const char *pathname = NULL;
int rc = -ENOMEM, action, must_appraise;
if (!ima_initialized || !S_ISREG(inode->i_mode))
@@ -187,24 +182,18 @@ static int process_measurement(struct file *file, const unsigned char *filename,
if (rc != 0)
goto out;
- if (function != BPRM_CHECK) {
- /* We will allow 11 spaces for ' (deleted)' to be appended */
- pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
- if (pathbuf) {
- pathname =
- d_path(&file->f_path, pathbuf, PATH_MAX + 11);
- if (IS_ERR(pathname))
- pathname = NULL;
- }
- }
+ if (function != BPRM_CHECK)
+ pathname = ima_d_path(&file->f_path, &pathbuf);
+
+ if (!pathname)
+ pathname = filename;
+
if (action & IMA_MEASURE)
- ima_store_measurement(iint, file,
- !pathname ? filename : pathname);
+ ima_store_measurement(iint, file, pathname);
if (action & IMA_APPRAISE)
- rc = ima_appraise_measurement(iint, file,
- !pathname ? filename : pathname);
+ rc = ima_appraise_measurement(iint, file, pathname);
if (action & IMA_AUDIT)
- ima_audit_measurement(iint, !pathname ? filename : pathname);
+ ima_audit_measurement(iint, pathname);
kfree(pathbuf);
out:
mutex_unlock(&inode->i_mutex);