ima: separate 'security.ima' reading functionality from collect (1525b06d) · Commits · e / devices / android_kernel_teracube_2e

security/integrity/ima/ima.h

+7 −8

Original line number	Diff line number	Diff line
		@@ -23,6 +23,7 @@
		#include <linux/hash.h>
		#include <linux/tpm.h>
		#include <linux/audit.h>
		#include <crypto/hash_info.h>

		#include "../integrity.h"

		@@ -140,9 +141,7 @@ static inline unsigned long ima_hash_key(u8 *digest)
		int ima_get_action(struct inode *inode, int mask, int function);
		int ima_must_measure(struct inode *inode, int mask, int function);
		int ima_collect_measurement(struct integrity_iint_cache *iint,
		struct file *file,
		struct evm_ima_xattr_data **xattr_value,
		int *xattr_len);
		struct file *file, enum hash_algo algo);
		void ima_store_measurement(struct integrity_iint_cache iint, struct file file,
		const unsigned char *filename,
		struct evm_ima_xattr_data *xattr_value,
		@@ -188,8 +187,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
		void ima_update_xattr(struct integrity_iint_cache iint, struct file file);
		enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
		int func);
		void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len,
		struct ima_digest_data *hash);
		enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
		int xattr_len);
		int ima_read_xattr(struct dentry *dentry,
		struct evm_ima_xattr_data **xattr_value);

		@@ -221,10 +220,10 @@ static inline enum integrity_status ima_get_cache_status(struct integrity_iint_c
		return INTEGRITY_UNKNOWN;
		}

		static inline void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
		int xattr_len,
		struct ima_digest_data *hash)
		static inline enum hash_algo
		ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len)
		{
		return ima_hash_algo;
		}

		static inline int ima_read_xattr(struct dentry *dentry,

security/integrity/ima/ima_api.c

+3 −12

Original line number	Diff line number	Diff line
		@@ -18,7 +18,7 @@
		#include <linux/fs.h>
		#include <linux/xattr.h>
		#include <linux/evm.h>
		#include <crypto/hash_info.h>

		#include "ima.h"

		/*
		@@ -188,9 +188,7 @@ int ima_get_action(struct inode *inode, int mask, int function)
		* Return 0 on success, error code otherwise
		*/
		int ima_collect_measurement(struct integrity_iint_cache *iint,
		struct file *file,
		struct evm_ima_xattr_data **xattr_value,
		int *xattr_len)
		struct file *file, enum hash_algo algo)
		{
		const char *audit_cause = "failed";
		struct inode *inode = file_inode(file);
		@@ -201,9 +199,6 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
		char digest[IMA_MAX_DIGEST_SIZE];
		} hash;

		if (xattr_value)
		*xattr_len = ima_read_xattr(file->f_path.dentry, xattr_value);

		if (!(iint->flags & IMA_COLLECTED)) {
		u64 i_version = file_inode(file)->i_version;

		@@ -213,11 +208,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
		goto out;
		}

		/* use default hash algorithm */
		hash.hdr.algo = ima_hash_algo;

		if (xattr_value)
		ima_get_hash_algo(xattr_value, xattr_len, &hash.hdr);
		hash.hdr.algo = algo;

		result = ima_calc_file_hash(file, &hash.hdr);
		if (!result) {

security/integrity/ima/ima_appraise.c

+14 −11

Original line number	Diff line number	Diff line
		@@ -15,7 +15,6 @@
		#include <linux/magic.h>
		#include <linux/ima.h>
		#include <linux/evm.h>
		#include <crypto/hash_info.h>

		#include "ima.h"

		@@ -130,36 +129,40 @@ static void ima_cache_flags(struct integrity_iint_cache *iint, int func)
		}
		}

		void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len,
		struct ima_digest_data *hash)
		enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
		int xattr_len)
		{
		struct signature_v2_hdr *sig;

		if (!xattr_value \|\| xattr_len < 2)
		return;
		/* return default hash algo */
		return ima_hash_algo;

		switch (xattr_value->type) {
		case EVM_IMA_XATTR_DIGSIG:
		sig = (typeof(sig))xattr_value;
		if (sig->version != 2 \|\| xattr_len <= sizeof(*sig))
		return;
		hash->algo = sig->hash_algo;
		return ima_hash_algo;
		return sig->hash_algo;
		break;
		case IMA_XATTR_DIGEST_NG:
		hash->algo = xattr_value->digest[0];
		return xattr_value->digest[0];
		break;
		case IMA_XATTR_DIGEST:
		/* this is for backward compatibility */
		if (xattr_len == 21) {
		unsigned int zero = 0;
		if (!memcmp(&xattr_value->digest[16], &zero, 4))
		hash->algo = HASH_ALGO_MD5;
		return HASH_ALGO_MD5;
		else
		hash->algo = HASH_ALGO_SHA1;
		return HASH_ALGO_SHA1;
		} else if (xattr_len == 17)
		hash->algo = HASH_ALGO_MD5;
		return HASH_ALGO_MD5;
		break;
		}

		/* return default hash algo */
		return ima_hash_algo;
		}

		int ima_read_xattr(struct dentry *dentry,
		@@ -296,7 +299,7 @@ void ima_update_xattr(struct integrity_iint_cache iint, struct file file)
		if (iint->flags & IMA_DIGSIG)
		return;

		rc = ima_collect_measurement(iint, file, NULL, NULL);
		rc = ima_collect_measurement(iint, file, ima_hash_algo);
		if (rc < 0)
		return;

security/integrity/ima/ima_crypto.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -24,7 +24,7 @@
		#include <linux/err.h>
		#include <linux/slab.h>
		#include <crypto/hash.h>
		#include <crypto/hash_info.h>

		#include "ima.h"

		struct ahash_completion {

security/integrity/ima/ima_init.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -21,7 +21,7 @@
		#include <linux/scatterlist.h>
		#include <linux/slab.h>
		#include <linux/err.h>
		#include <crypto/hash_info.h>

		#include "ima.h"

		/* name for boot aggregate entry */