
Commit 16cac49f authored by Mimi Zohar's avatar Mimi Zohar

ima: rename FILE_MMAP to MMAP_CHECK



Rename FILE_MMAP hook to MMAP_CHECK to be consistent with the other
hook names.

Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
parent b5152463
+1 −1
@@ -23,7 +23,7 @@ Description:
			lsm:	[[subj_user=] [subj_role=] [subj_type=]
				 [obj_user=] [obj_role=] [obj_type=]]

		base: 	func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK][MODULE_CHECK]
		base: 	func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
			mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
			fsmagic:= hex value
			uid:= decimal value
+1 −1
@@ -127,7 +127,7 @@ struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
struct integrity_iint_cache *integrity_iint_find(struct inode *inode);

/* IMA policy related functions */
enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, MODULE_CHECK, POST_SETATTR };
enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, POST_SETATTR };

int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
		     int flags);
+2 −2
@@ -100,12 +100,12 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename,
 * ima_get_action - appraise & measure decision based on policy.
 * @inode: pointer to inode to measure
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
 * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK)
 * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
 *
 * The policy is defined in terms of keypairs:
 * 		subj=, obj=, type=, func=, mask=, fsmagic=
 *	subj,obj, and type: are LSM specific.
 * 	func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK
 * 	func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
 * 	mask: contains the permission mask
 *	fsmagic: hex value
 *
+1 −1
@@ -228,7 +228,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
{
	if (file && (prot & PROT_EXEC))
		return process_measurement(file, file->f_dentry->d_name.name,
					   MAY_EXEC, FILE_MMAP);
					   MAY_EXEC, MMAP_CHECK);
	return 0;
}

+4 −3
@@ -75,7 +75,7 @@ static struct ima_rule_entry default_rules[] = {
	{.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
	{.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
	{.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
	{.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC,
	 .flags = IMA_FUNC | IMA_MASK},
	{.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
	 .flags = IMA_FUNC | IMA_MASK},
@@ -448,8 +448,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
				entry->func = FILE_CHECK;
			else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
				entry->func = MODULE_CHECK;
			else if (strcmp(args[0].from, "FILE_MMAP") == 0)
				entry->func = FILE_MMAP;
			else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
				|| (strcmp(args[0].from, "MMAP_CHECK") == 0))
				entry->func = MMAP_CHECK;
			else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
				entry->func = BPRM_CHECK;
			else
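Review bot: The `"FILE_MMAP"` string kept in the `func=` comparison chain of the second hunk is an undocumented compatibility alias: the enum constant is renamed and the policy syntax description changed in the first section no longer lists the old name, so a later cleanup could drop the branch and policies that still say `func=FILE_MMAP` would no longer be mapped to the mmap hook. I would add a comment above the branch, `/* "FILE_MMAP" is the legacy name, still accepted so existing policies keep loading */`, and mention the alias in the policy description so administrators know both spellings select the same rule. As a style point, kernel convention puts `||` at the end of the first line rather than the start of the continuation, and the extra parentheses around each `strcmp(...) == 0` are not needed. ima_parse_rule starts and ends outside the hunk, so what the final `else` does with an unrecognised name is not visible here.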