ima: pass iint to ima_add_violation()

This patch adds the iint associated to the current inode as a new
parameter of ima_add_violation(). The passed iint is always not NULL
if a violation is detected. This modification will be used to determine
the inode for which there is a violation.

Since the 'd' and 'd-ng' template field init() functions were detecting
a violation from the value of the iint pointer, they now check the new
field 'violation', added to the 'ima_event_data' structure.

Changelog:
 - v1:
   - modified an old comment (Roberto Sassu)

Signed-off-by: Roberto Sassu <rsassu@suse.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

1 files changed, 2 insertions, 3 deletions

diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 67d513367aac..de0ce4fbdf69 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -209,7 +209,7 @@ int ima_eventdigest_init(struct ima_event_data *event_data,
 
 	memset(&hash, 0, sizeof(hash));
 
-	if (!event_data->iint)		/* recording a violation. */
+	if (event_data->violation)	/* recording a violation. */
 		goto out;
 
 	if (ima_template_hash_algo_allowed(event_data->iint->ima_hash->algo)) {
@@ -247,8 +247,7 @@ int ima_eventdigest_ng_init(struct ima_event_data *event_data,
 	u8 *cur_digest = NULL, hash_algo = HASH_ALGO_SHA1;
 	u32 cur_digestsize = 0;
 
-	/* If iint is NULL, we are recording a violation. */
-	if (!event_data->iint)
+	if (event_data->violation)	/* recording a violation. */
 		goto out;
 
 	cur_digest = event_data->iint->ima_hash->digest;