ima: use "ima_hooks" enum as function argument
Clean up the function arguments by using "ima_hooks" enumerator as needed. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: Petko Manolov <petkan@mip-labs.com> Acked-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
parent
b5269ab3e2
commit
4ad87a3d74
@ -137,9 +137,18 @@ static inline unsigned long ima_hash_key(u8 *digest)
|
||||
return hash_long(*digest, IMA_HASH_BITS);
|
||||
}
|
||||
|
||||
enum ima_hooks {
|
||||
FILE_CHECK = 1,
|
||||
MMAP_CHECK,
|
||||
BPRM_CHECK,
|
||||
MODULE_CHECK,
|
||||
FIRMWARE_CHECK,
|
||||
POST_SETATTR
|
||||
};
|
||||
|
||||
/* LIM API function definitions */
|
||||
int ima_get_action(struct inode *inode, int mask, int function);
|
||||
int ima_must_measure(struct inode *inode, int mask, int function);
|
||||
int ima_get_action(struct inode *inode, int mask, enum ima_hooks func);
|
||||
int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);
|
||||
int ima_collect_measurement(struct integrity_iint_cache *iint,
|
||||
struct file *file, enum hash_algo algo);
|
||||
void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file,
|
||||
@ -156,8 +165,6 @@ void ima_free_template_entry(struct ima_template_entry *entry);
|
||||
const char *ima_d_path(struct path *path, char **pathbuf);
|
||||
|
||||
/* IMA policy related functions */
|
||||
enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, FIRMWARE_CHECK, POST_SETATTR };
|
||||
|
||||
int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
|
||||
int flags);
|
||||
void ima_init_policy(void);
|
||||
@ -179,21 +186,22 @@ int ima_policy_show(struct seq_file *m, void *v);
|
||||
#define IMA_APPRAISE_FIRMWARE 0x10
|
||||
|
||||
#ifdef CONFIG_IMA_APPRAISE
|
||||
int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
|
||||
int ima_appraise_measurement(enum ima_hooks func,
|
||||
struct integrity_iint_cache *iint,
|
||||
struct file *file, const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, int opened);
|
||||
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
|
||||
void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
|
||||
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
|
||||
int func);
|
||||
enum ima_hooks func);
|
||||
enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len);
|
||||
int ima_read_xattr(struct dentry *dentry,
|
||||
struct evm_ima_xattr_data **xattr_value);
|
||||
|
||||
#else
|
||||
static inline int ima_appraise_measurement(int func,
|
||||
static inline int ima_appraise_measurement(enum ima_hooks func,
|
||||
struct integrity_iint_cache *iint,
|
||||
struct file *file,
|
||||
const unsigned char *filename,
|
||||
@ -215,7 +223,8 @@ static inline void ima_update_xattr(struct integrity_iint_cache *iint,
|
||||
}
|
||||
|
||||
static inline enum integrity_status ima_get_cache_status(struct integrity_iint_cache
|
||||
*iint, int func)
|
||||
*iint,
|
||||
enum ima_hooks func)
|
||||
{
|
||||
return INTEGRITY_UNKNOWN;
|
||||
}
|
||||
|
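Review bot: The retyped prototype `int ima_must_measure(struct inode *inode, int mask, enum ima_hooks func);` has no matching definition change anywhere in this commit, unlike ima_get_action, whose definition is updated alongside its prototype. If ima_must_measure no longer has a definition, the declaration is dead and would be better removed than retyped. If a definition exists elsewhere, it needs the same parameter change so that prototype and definition agree. The definition is not visible on this page, so this should be checked against the tree.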
@ -156,7 +156,7 @@ err_out:
|
||||
* ima_get_action - appraise & measure decision based on policy.
|
||||
* @inode: pointer to inode to measure
|
||||
* @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
|
||||
* @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
|
||||
* @func: caller identifier
|
||||
*
|
||||
* The policy is defined in terms of keypairs:
|
||||
* subj=, obj=, type=, func=, mask=, fsmagic=
|
||||
@ -168,13 +168,13 @@ err_out:
|
||||
* Returns IMA_MEASURE, IMA_APPRAISE mask.
|
||||
*
|
||||
*/
|
||||
int ima_get_action(struct inode *inode, int mask, int function)
|
||||
int ima_get_action(struct inode *inode, int mask, enum ima_hooks func)
|
||||
{
|
||||
int flags = IMA_MEASURE | IMA_AUDIT | IMA_APPRAISE;
|
||||
|
||||
flags &= ima_policy_flag;
|
||||
|
||||
return ima_match_policy(inode, function, mask, flags);
|
||||
return ima_match_policy(inode, func, mask, flags);
|
||||
}
|
||||
|
||||
/*
|
||||
|
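Review bot: The new kernel-doc line ` * @func: caller identifier` drops the list of hook names that the old `@function` line carried, so the comment no longer tells a reader which values ima_get_action accepts. Something like ` * @func: calling hook, one of enum ima_hooks (FILE_CHECK, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, ...)` keeps that information and points at the enum as the authoritative list. The comment block starts outside the hunk.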
@ -67,7 +67,7 @@ static int ima_fix_xattr(struct dentry *dentry,
|
||||
|
||||
/* Return specific func appraised cached result */
|
||||
enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
|
||||
int func)
|
||||
enum ima_hooks func)
|
||||
{
|
||||
switch (func) {
|
||||
case MMAP_CHECK:
|
||||
@ -85,7 +85,8 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
|
||||
}
|
||||
|
||||
static void ima_set_cache_status(struct integrity_iint_cache *iint,
|
||||
int func, enum integrity_status status)
|
||||
enum ima_hooks func,
|
||||
enum integrity_status status)
|
||||
{
|
||||
switch (func) {
|
||||
case MMAP_CHECK:
|
||||
@ -103,11 +104,11 @@ static void ima_set_cache_status(struct integrity_iint_cache *iint,
|
||||
case FILE_CHECK:
|
||||
default:
|
||||
iint->ima_file_status = status;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
|
||||
static void ima_cache_flags(struct integrity_iint_cache *iint,
|
||||
enum ima_hooks func)
|
||||
{
|
||||
switch (func) {
|
||||
case MMAP_CHECK:
|
||||
@ -125,7 +126,6 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
|
||||
case FILE_CHECK:
|
||||
default:
|
||||
iint->flags |= (IMA_FILE_APPRAISED | IMA_APPRAISED);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -185,7 +185,8 @@ int ima_read_xattr(struct dentry *dentry,
|
||||
*
|
||||
* Return 0 on success, error code otherwise
|
||||
*/
|
||||
int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
|
||||
int ima_appraise_measurement(enum ima_hooks func,
|
||||
struct integrity_iint_cache *iint,
|
||||
struct file *file, const unsigned char *filename,
|
||||
struct evm_ima_xattr_data *xattr_value,
|
||||
int xattr_len, int opened)
|
||||
|
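Review bot: With `func` now typed as `enum ima_hooks`, the `case FILE_CHECK:` / `default:` pair in ima_set_cache_status and ima_cache_flags keeps the compiler from reporting an enumerator that has no case of its own. Any such hook then shares the FILE_CHECK cached status (`iint->ima_file_status`) and flags (`IMA_FILE_APPRAISED | IMA_APPRAISED`) without that being stated. The enum includes POST_SETATTR, and the middle of each switch lies outside the hunks, so whether every hook has its own case cannot be confirmed from this page. If the fallback is intended, a comment above `default:` such as `/* hooks without their own cache slot share the FILE_CHECK status */` would make that explicit. Otherwise, listing the enumerators and dropping `default:` lets the compiler flag a hook added later.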
@ -153,8 +153,8 @@ void ima_file_free(struct file *file)
|
||||
ima_check_last_writer(iint, inode, file);
|
||||
}
|
||||
|
||||
static int process_measurement(struct file *file, int mask, int function,
|
||||
int opened)
|
||||
static int process_measurement(struct file *file, int mask,
|
||||
enum ima_hooks func, int opened)
|
||||
{
|
||||
struct inode *inode = file_inode(file);
|
||||
struct integrity_iint_cache *iint = NULL;
|
||||
@ -174,8 +174,8 @@ static int process_measurement(struct file *file, int mask, int function,
|
||||
* bitmask based on the appraise/audit/measurement policy.
|
||||
* Included is the appraise submask.
|
||||
*/
|
||||
action = ima_get_action(inode, mask, function);
|
||||
violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) &&
|
||||
action = ima_get_action(inode, mask, func);
|
||||
violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&
|
||||
(ima_policy_flag & IMA_MEASURE));
|
||||
if (!action && !violation_check)
|
||||
return 0;
|
||||
@ -184,7 +184,7 @@ static int process_measurement(struct file *file, int mask, int function,
|
||||
|
||||
/* Is the appraise rule hook specific? */
|
||||
if (action & IMA_FILE_APPRAISE)
|
||||
function = FILE_CHECK;
|
||||
func = FILE_CHECK;
|
||||
|
||||
inode_lock(inode);
|
||||
|
||||
@ -214,7 +214,7 @@ static int process_measurement(struct file *file, int mask, int function,
|
||||
/* Nothing to do, just return existing appraised status */
|
||||
if (!action) {
|
||||
if (must_appraise)
|
||||
rc = ima_get_cache_status(iint, function);
|
||||
rc = ima_get_cache_status(iint, func);
|
||||
goto out_digsig;
|
||||
}
|
||||
|
||||
@ -240,7 +240,7 @@ static int process_measurement(struct file *file, int mask, int function,
|
||||
ima_store_measurement(iint, file, pathname,
|
||||
xattr_value, xattr_len);
|
||||
if (action & IMA_APPRAISE_SUBMASK)
|
||||
rc = ima_appraise_measurement(function, iint, file, pathname,
|
||||
rc = ima_appraise_measurement(func, iint, file, pathname,
|
||||
xattr_value, xattr_len, opened);
|
||||
if (action & IMA_AUDIT)
|
||||
ima_audit_measurement(iint, pathname);
|
||||
|
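Review bot: The assignment `func = FILE_CHECK;` under `if (action & IMA_FILE_APPRAISE)` replaces the hook identifier that the later ima_get_cache_status() and ima_appraise_measurement() calls receive, and the existing comment `/* Is the appraise rule hook specific? */` does not say so. Judging by get_subaction() in the policy hunk, IMA_FILE_APPRAISE is returned for a rule without IMA_FUNC set, so this appears to be the case where the matched rule names no hook. A comment such as `/* Rule is not hook specific: appraise and cache under FILE_CHECK */` would record why the parameter is overwritten. Most of process_measurement's body lies outside these hunks.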
@ -207,8 +207,8 @@ static void ima_lsm_update_rules(void)
|
||||
*
|
||||
* Returns true on rule match, false on failure.
|
||||
*/
|
||||
static bool ima_match_rules(struct ima_rule_entry *rule,
|
||||
struct inode *inode, enum ima_hooks func, int mask)
|
||||
static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
|
||||
enum ima_hooks func, int mask)
|
||||
{
|
||||
struct task_struct *tsk = current;
|
||||
const struct cred *cred = current_cred();
|
||||
@ -289,7 +289,7 @@ retry:
|
||||
* In addition to knowing that we need to appraise the file in general,
|
||||
* we need to differentiate between calling hooks, for hook specific rules.
|
||||
*/
|
||||
static int get_subaction(struct ima_rule_entry *rule, int func)
|
||||
static int get_subaction(struct ima_rule_entry *rule, enum ima_hooks func)
|
||||
{
|
||||
if (!(rule->flags & IMA_FUNC))
|
||||
return IMA_FILE_APPRAISE;
|
||||
|