[PATCH v3 02/22] ima: refactor ima_policy_show() to display "ima_hooks" rules

Wed, 03 Feb 2016 11:13:19 -0800 

Define and call a function to display the "ima_hooks" rules.

Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
---
 security/integrity/ima/ima_policy.c | 63 +++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 27 deletions(-)

diff --git a/security/integrity/ima/ima_policy.c 
b/security/integrity/ima/ima_policy.c
index e0e18cc..43b6425 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -903,6 +903,40 @@ void ima_policy_stop(struct seq_file *m, void *v)
 #define mt(token)      mask_tokens[token]
 #define ft(token)      func_tokens[token]
 
+/*
+ * policy_func_show - display the ima_hooks policy rule
+ */
+static void policy_func_show(struct seq_file *m, enum ima_hooks func)
+{
+       char tbuf[64] = {0,};
+
+       switch (func) {
+       case FILE_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_file));
+               break;
+       case MMAP_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_mmap));
+               break;
+       case BPRM_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_bprm));
+               break;
+       case MODULE_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_module));
+               break;
+       case FIRMWARE_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_firmware));
+               break;
+       case POST_SETATTR:
+               seq_printf(m, pt(Opt_func), ft(func_post));
+               break;
+       default:
+               snprintf(tbuf, sizeof(tbuf), "%d", func);
+               seq_printf(m, pt(Opt_func), tbuf);
+               break;
+       }
+       seq_puts(m, " ");
+}
+
 int ima_policy_show(struct seq_file *m, void *v)
 {
        struct ima_rule_entry *entry = v;
@@ -924,33 +958,8 @@ int ima_policy_show(struct seq_file *m, void *v)
 
        seq_puts(m, " ");
 
-       if (entry->flags & IMA_FUNC) {
-               switch (entry->func) {
-               case FILE_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_file));
-                       break;
-               case MMAP_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_mmap));
-                       break;
-               case BPRM_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_bprm));
-                       break;
-               case MODULE_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_module));
-                       break;
-               case FIRMWARE_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_firmware));
-                       break;
-               case POST_SETATTR:
-                       seq_printf(m, pt(Opt_func), ft(func_post));
-                       break;
-               default:
-                       snprintf(tbuf, sizeof(tbuf), "%d", entry->func);
-                       seq_printf(m, pt(Opt_func), tbuf);
-                       break;
-               }
-               seq_puts(m, " ");
-       }
+       if (entry->flags & IMA_FUNC)
+               policy_func_show(m, entry->func);
 
        if (entry->flags & IMA_MASK) {
                if (entry->mask & MAY_EXEC)
-- 
2.1.0


_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec

Reply via email to