
Commit f381c272 authored by Mimi Zohar's avatar Mimi Zohar

integrity: move ima inode integrity data management



Move the inode integrity data(iint) management up to the integrity directory
in order to share the iint among the different integrity models.

Changelog:
- don't define MAX_DIGEST_SIZE
- rename several globally visible 'ima_' prefixed functions, structs,
  locks, etc to 'integrity_'
- replace '20' with SHA1_DIGEST_SIZE
- reflect location change in appropriate Kconfig and Makefiles
- remove unnecessary initialization of iint_initialized to 0
- rebased on current ima_iint.c
- define integrity_iint_store/lock as static

There should be no other functional changes.

Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Acked-by: default avatarSerge Hallyn <serge.hallyn@ubuntu.com>
parent 9d8f13ba
+0 −13
@@ -15,8 +15,6 @@ struct linux_binprm;

#ifdef CONFIG_IMA
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_inode_alloc(struct inode *inode);
extern void ima_inode_free(struct inode *inode);
extern int ima_file_check(struct file *file, int mask);
extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot);
@@ -27,16 +25,6 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
	return 0;
}

static inline int ima_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void ima_inode_free(struct inode *inode)
{
	return;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
@@ -51,6 +39,5 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
{
	return 0;
}

#endif /* CONFIG_IMA_H */
#endif /* _LINUX_IMA_H */
+30 −0
/*
 * Copyright (C) 2009 IBM Corporation
 * Author: Mimi Zohar <zohar@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2 of the License.
 */

#ifndef _LINUX_INTEGRITY_H
#define _LINUX_INTEGRITY_H

#include <linux/fs.h>

#ifdef CONFIG_INTEGRITY
extern int integrity_inode_alloc(struct inode *inode);
extern void integrity_inode_free(struct inode *inode);

#else
static inline int integrity_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void integrity_inode_free(struct inode *inode)
{
	return;
}
#endif /* CONFIG_INTEGRITY_H */
#endif /* _LINUX_INTEGRITY_H */
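Review bot: The closing comment `#endif /* CONFIG_INTEGRITY_H */` names a symbol that is never tested; the conditional it closes is `#ifdef CONFIG_INTEGRITY`, so it should read `#endif /* CONFIG_INTEGRITY */` (the same mislabel is visible as context at the end of the ima.h section). The two prototypes also carry no comment on their contract: `integrity_inode_alloc()` returns an int that callers are presumably expected to check, while the `!CONFIG_INTEGRITY` stub always returns 0 without allocating anything. A short comment above the declarations saying so would keep callers from reading a 0 return as proof that an iint exists for the inode. The bare `return;` in the `integrity_inode_free()` stub is redundant; an empty body would do.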
+1 −1
@@ -186,7 +186,7 @@ source security/smack/Kconfig
source security/tomoyo/Kconfig
source security/apparmor/Kconfig

source security/integrity/ima/Kconfig
source security/integrity/Kconfig

choice
	prompt "Default security module"
+2 −2
@@ -24,5 +24,5 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor/built-in.o
obj-$(CONFIG_CGROUP_DEVICE)		+= device_cgroup.o

# Object integrity file lists
subdir-$(CONFIG_IMA)			+= integrity/ima
obj-$(CONFIG_IMA)			+= integrity/ima/built-in.o
subdir-$(CONFIG_INTEGRITY)		+= integrity
obj-$(CONFIG_INTEGRITY)			+= integrity/built-in.o
+6 −0
#
config INTEGRITY
	def_bool y
	depends on IMA

source security/integrity/ima/Kconfig
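Review bot: `depends on IMA` makes the new INTEGRITY symbol available only when IMA is enabled, which sits oddly with the stated goal of sharing the iint among the different integrity models; a second model built without IMA could not get the iint store. If this is meant as an interim step, a comment in the file would record it, for example `# Hidden symbol, enabled automatically with IMA; extend the dependency when another integrity model uses the iint`. The symbol has no prompt or help text, so that comment would be the only place the intent is written down.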