ima: include pcr for each measurement log entry (14b1da85) · Commits · e / devices / android_kernel_oneplus_sm8150

security/integrity/ima/ima.h

+4 −2

Original line number	Diff line number	Diff line
		@@ -88,6 +88,7 @@ struct ima_template_desc {
		};

		struct ima_template_entry {
		int pcr;
		u8 digest[TPM_DIGEST_SIZE]; /* sha1 or md5 measurement hash */
		struct ima_template_desc template_desc; / template descriptor */
		u32 template_data_len;
		@@ -163,13 +164,14 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
		void ima_store_measurement(struct integrity_iint_cache iint, struct file file,
		const unsigned char *filename,
		struct evm_ima_xattr_data *xattr_value,
		int xattr_len);
		int xattr_len, int pcr);
		void ima_audit_measurement(struct integrity_iint_cache *iint,
		const unsigned char *filename);
		int ima_alloc_init_template(struct ima_event_data *event_data,
		struct ima_template_entry **entry);
		int ima_store_template(struct ima_template_entry *entry, int violation,
		struct inode inode, const unsigned char filename);
		struct inode *inode,
		const unsigned char *filename, int pcr);
		void ima_free_template_entry(struct ima_template_entry *entry);
		const char ima_d_path(const struct path path, char **pathbuf);

security/integrity/ima/ima_api.c

+6 −4

Original line number	Diff line number	Diff line
		@@ -87,7 +87,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
		*/
		int ima_store_template(struct ima_template_entry *entry,
		int violation, struct inode *inode,
		const unsigned char *filename)
		const unsigned char *filename, int pcr)
		{
		static const char op[] = "add_template_measure";
		static const char audit_cause[] = "hashing_error";
		@@ -114,6 +114,7 @@ int ima_store_template(struct ima_template_entry *entry,
		}
		memcpy(entry->digest, hash.hdr.digest, hash.hdr.length);
		}
		entry->pcr = pcr;
		result = ima_add_template_entry(entry, violation, op, inode, filename);
		return result;
		}
		@@ -144,7 +145,8 @@ void ima_add_violation(struct file file, const unsigned char filename,
		result = -ENOMEM;
		goto err_out;
		}
		result = ima_store_template(entry, violation, inode, filename);
		result = ima_store_template(entry, violation, inode,
		filename, CONFIG_IMA_MEASURE_PCR_IDX);
		if (result < 0)
		ima_free_template_entry(entry);
		err_out:
		@@ -253,7 +255,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
		void ima_store_measurement(struct integrity_iint_cache *iint,
		struct file file, const unsigned char filename,
		struct evm_ima_xattr_data *xattr_value,
		int xattr_len)
		int xattr_len, int pcr)
		{
		static const char op[] = "add_template_measure";
		static const char audit_cause[] = "ENOMEM";
		@@ -274,7 +276,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
		return;
		}

		result = ima_store_template(entry, violation, inode, filename);
		result = ima_store_template(entry, violation, inode, filename, pcr);
		if (!result \|\| result == -EEXIST)
		iint->flags \|= IMA_MEASURED;
		if (result < 0)

security/integrity/ima/ima_init.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -79,7 +79,8 @@ static int __init ima_add_boot_aggregate(void)
		}

		result = ima_store_template(entry, violation, NULL,
		boot_aggregate_name);
		boot_aggregate_name,
		CONFIG_IMA_MEASURE_PCR_IDX);
		if (result < 0) {
		ima_free_template_entry(entry);
		audit_cause = "store_entry";

security/integrity/ima/ima_main.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -239,7 +239,7 @@ static int process_measurement(struct file file, char buf, loff_t size,

		if (action & IMA_MEASURE)
		ima_store_measurement(iint, file, pathname,
		xattr_value, xattr_len);
		xattr_value, xattr_len, pcr);
		if (action & IMA_APPRAISE_SUBMASK)
		rc = ima_appraise_measurement(func, iint, file, pathname,
		xattr_value, xattr_len, opened);