Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 417c6c8e authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

ima: audit is compiled only when enabled 



IMA auditing code was compiled even when CONFIG_AUDIT was not enabled.
This patch compiles auditing code only when possible and enabled.

Signed-off-by: default avatarDmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 7ff2267a

security/integrity/ima/Kconfig

+2 −1
Original line number Original line Diff line number Diff line
@@ -38,8 +38,9 @@ config IMA_MEASURE_PCR_IDX 
	  measurement list.  If unsure, use the default 10.

	  measurement list.  If unsure, use the default 10.





config IMA_AUDIT

config IMA_AUDIT

	bool

	bool "Enables auditing support"

	depends on IMA

	depends on IMA

	depends on AUDIT

	default y

	default y

	help

	help

	  This option adds a kernel parameter 'ima_audit', which

	  This option adds a kernel parameter 'ima_audit', which

security/integrity/ima/Makefile

+2 −1
Original line number Original line Diff line number Diff line
@@ -6,4 +6,5 @@ 
obj-$(CONFIG_IMA) += ima.o

obj-$(CONFIG_IMA) += ima.o





ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \

ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \

	 ima_policy.o ima_audit.o
 
	 ima_policy.o

ima-$(CONFIG_IMA_AUDIT) += ima_audit.o

security/integrity/ima/ima.h

+9 −0
Original line number Original line Diff line number Diff line
@@ -61,10 +61,19 @@ struct ima_queue_entry { 
};

};

extern struct list_head ima_measurements;	/* list of all measurements */

extern struct list_head ima_measurements;	/* list of all measurements */





#ifdef CONFIG_IMA_AUDIT

/* declarations */

/* declarations */

void integrity_audit_msg(int audit_msgno, struct inode *inode,

void integrity_audit_msg(int audit_msgno, struct inode *inode,

			 const unsigned char *fname, const char *op,

			 const unsigned char *fname, const char *op,

			 const char *cause, int result, int info);

			 const char *cause, int result, int info);

#else

static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,

				       const unsigned char *fname,

				       const char *op, const char *cause,

				       int result, int info)

{

}

#endif





/* Internal IMA function definitions */

/* Internal IMA function definitions */

int ima_init(void);

int ima_init(void);

security/integrity/ima/ima_audit.c

+0 −3
Original line number Original line Diff line number Diff line
@@ -17,8 +17,6 @@ 




static int ima_audit;

static int ima_audit;





#ifdef CONFIG_IMA_AUDIT



/* ima_audit_setup - enable informational auditing messages */

/* ima_audit_setup - enable informational auditing messages */

static int __init ima_audit_setup(char *str)

static int __init ima_audit_setup(char *str)

{

{
@@ -29,7 +27,6 @@ static int __init ima_audit_setup(char *str) 
	return 1;

	return 1;

}

}

__setup("ima_audit=", ima_audit_setup);

__setup("ima_audit=", ima_audit_setup);

#endif





void integrity_audit_msg(int audit_msgno, struct inode *inode,

void integrity_audit_msg(int audit_msgno, struct inode *inode,

			 const unsigned char *fname, const char *op,

			 const unsigned char *fname, const char *op,