diff options
| author |   Eric Richter <erichte@linux.vnet.ibm.com> | 2016-06-01 13:14:03 -0500 |
|---|---|---|
| committer |   Mimi Zohar <zohar@linux.vnet.ibm.com> | 2016-06-30 01:14:21 -0400 |
| commit | 14b1da85bbe9a59c5e01123a06dea4c4758a6db9 (patch) | |
| tree | 1a61fea1cd6101588305467af50337d414420b4f /security/integrity/ima/ima_api.c | |
| parent | ima: extend ima_get_action() to return the policy pcr (diff) | |
| download | wireguard-linux-14b1da85bbe9a59c5e01123a06dea4c4758a6db9.tar.xz wireguard-linux-14b1da85bbe9a59c5e01123a06dea4c4758a6db9.zip | |
ima: include pcr for each measurement log entry
The IMA measurement list entries include the Kconfig defined PCR value.
This patch defines a new ima_template_entry field for including the PCR
as specified in the policy rule.
Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_api.c')
| -rw-r--r-- | security/integrity/ima/ima_api.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 225b9cede300..8363ba384992 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -87,7 +87,7 @@ out: */ int ima_store_template(struct ima_template_entry *entry, int violation, struct inode *inode, - const unsigned char *filename) + const unsigned char *filename, int pcr) { static const char op[] = "add_template_measure"; static const char audit_cause[] = "hashing_error"; @@ -114,6 +114,7 @@ int ima_store_template(struct ima_template_entry *entry, } memcpy(entry->digest, hash.hdr.digest, hash.hdr.length); } + entry->pcr = pcr; result = ima_add_template_entry(entry, violation, op, inode, filename); return result; } @@ -144,7 +145,8 @@ void ima_add_violation(struct file *file, const unsigned char *filename, result = -ENOMEM; goto err_out; } - result = ima_store_template(entry, violation, inode, filename); + result = ima_store_template(entry, violation, inode, + filename, CONFIG_IMA_MEASURE_PCR_IDX); if (result < 0) ima_free_template_entry(entry); err_out: @@ -253,7 +255,7 @@ out: void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, - int xattr_len) + int xattr_len, int pcr) { static const char op[] = "add_template_measure"; static const char audit_cause[] = "ENOMEM"; @@ -274,7 +276,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, return; } - result = ima_store_template(entry, violation, inode, filename); + result = ima_store_template(entry, violation, inode, filename, pcr); if (!result || result == -EEXIST) iint->flags |= IMA_MEASURED; if (result < 0) |