Merge branch 'for-linus' of... (6df025c1) · Commits · e / devices / android_kernel_fairphone_FP4

security/integrity/ima/ima.h

+4 −2

Original line number	Diff line number	Diff line
		@@ -26,7 +26,8 @@

		#include "../integrity.h"

		enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII };
		enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
		IMA_SHOW_ASCII };
		enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };

		/* digest size for IMA, fits SHA1 or MD5 */
		@@ -97,7 +98,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
		const char op, struct inode inode,
		const unsigned char *filename);
		int ima_calc_file_hash(struct file file, struct ima_digest_data hash);
		int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
		int ima_calc_field_array_hash(struct ima_field_data *field_data,
		struct ima_template_desc *desc, int num_fields,
		struct ima_digest_data *hash);
		int __init ima_calc_boot_aggregate(struct ima_digest_data *hash);
		void ima_add_violation(struct file file, const unsigned char filename,

+1 −0

Original line number	Diff line number	Diff line
		@@ -94,6 +94,7 @@ int ima_store_template(struct ima_template_entry *entry,
		/* this function uses default algo */
		hash.hdr.algo = HASH_ALGO_SHA1;
		result = ima_calc_field_array_hash(&entry->template_data[0],
		entry->template_desc,
		num_fields, &hash.hdr);
		if (result < 0) {
		integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,

+12 −5

Original line number	Diff line number	Diff line
		@@ -140,6 +140,7 @@ int ima_calc_file_hash(struct file file, struct ima_digest_data hash)
		* Calculate the hash of template data
		*/
		static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
		struct ima_template_desc *td,
		int num_fields,
		struct ima_digest_data *hash,
		struct crypto_shash *tfm)
		@@ -160,9 +161,13 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
		return rc;

		for (i = 0; i < num_fields; i++) {
		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
		rc = crypto_shash_update(&desc.shash,
		(const u8 *) &field_data[i].len,
		sizeof(field_data[i].len));
		if (rc)
		break;
		}
		rc = crypto_shash_update(&desc.shash, field_data[i].data,
		field_data[i].len);
		if (rc)
		@@ -175,7 +180,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
		return rc;
		}

		int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
		int ima_calc_field_array_hash(struct ima_field_data *field_data,
		struct ima_template_desc *desc, int num_fields,
		struct ima_digest_data *hash)
		{
		struct crypto_shash *tfm;
		@@ -185,7 +191,8 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data, int num_fields,
		if (IS_ERR(tfm))
		return PTR_ERR(tfm);

		rc = ima_calc_field_array_hash_tfm(field_data, num_fields, hash, tfm);
		rc = ima_calc_field_array_hash_tfm(field_data, desc, num_fields,
		hash, tfm);

		ima_free_tfm(tfm);

+11 −3

Original line number	Diff line number	Diff line
		@@ -120,6 +120,7 @@ static int ima_measurements_show(struct seq_file m, void v)
		struct ima_template_entry *e;
		int namelen;
		u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
		bool is_ima_template = false;
		int i;

		/* get entry */
		@@ -145,14 +146,21 @@ static int ima_measurements_show(struct seq_file m, void v)
		ima_putc(m, e->template_desc->name, namelen);

		/* 5th: template length (except for 'ima' template) */
		if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
		if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0)
		is_ima_template = true;

		if (!is_ima_template)
		ima_putc(m, &e->template_data_len,
		sizeof(e->template_data_len));

		/* 6th: template specific data */
		for (i = 0; i < e->template_desc->num_fields; i++) {
		e->template_desc->fields[i]->field_show(m, IMA_SHOW_BINARY,
		&e->template_data[i]);
		enum ima_show_type show = IMA_SHOW_BINARY;
		struct ima_template_field *field = e->template_desc->fields[i];

		if (is_ima_template && strcmp(field->field_id, "d") == 0)
		show = IMA_SHOW_BINARY_NO_FIELD_LEN;
		field->field_show(m, show, &e->template_data[i]);
		}
		return 0;
		}

+14 −7

Original line number	Diff line number	Diff line
		@@ -90,7 +90,7 @@ static struct ima_template_field lookup_template_field(const char field_id)
		return NULL;
		}

		static int template_fmt_size(char *template_fmt)
		static int template_fmt_size(const char *template_fmt)
		{
		char c;
		int template_fmt_len = strlen(template_fmt);
		@@ -106,23 +106,28 @@ static int template_fmt_size(char *template_fmt)
		return j + 1;
		}

		static int template_desc_init_fields(char *template_fmt,
		static int template_desc_init_fields(const char *template_fmt,
		struct ima_template_field ***fields,
		int *num_fields)
		{
		char c, template_fmt_ptr = template_fmt;
		char c, template_fmt_copy;
		int template_num_fields = template_fmt_size(template_fmt);
		int i, result = 0;

		if (template_num_fields > IMA_TEMPLATE_NUM_FIELDS_MAX)
		return -EINVAL;

		/* copying is needed as strsep() modifies the original buffer */
		template_fmt_copy = kstrdup(template_fmt, GFP_KERNEL);
		if (template_fmt_copy == NULL)
		return -ENOMEM;

		fields = kzalloc(template_num_fields sizeof(*fields), GFP_KERNEL);
		if (*fields == NULL) {
		result = -ENOMEM;
		goto out;
		}
		for (i = 0; (c = strsep(&template_fmt_ptr, "\|")) != NULL &&
		for (i = 0; (c = strsep(&template_fmt_copy, "\|")) != NULL &&
		i < template_num_fields; i++) {
		struct ima_template_field *f = lookup_template_field(c);

		@@ -133,10 +138,12 @@ static int template_desc_init_fields(char *template_fmt,
		(*fields)[i] = f;
		}
		*num_fields = i;
		return 0;
		out:
		if (result < 0) {
		kfree(*fields);
		*fields = NULL;
		}
		kfree(template_fmt_copy);
		return result;
		}