Re: [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

2016-01-21 Thread Mimi Zohar
On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote:
> Hi Mimi,
> 
> Please change
> 
> Signed-off-by: Dmitry Kasatkin 

I'll make the change here and in the other patches as well.

Mimi




Re: [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

2016-01-21 Thread Dmitry Kasatkin
On Thu, Jan 21, 2016 at 3:19 PM, Mimi Zohar  wrote:
> On Tue, 2016-01-19 at 22:00 +0200, Dmitry Kasatkin wrote:
>> Hi Mimi,
>>
>> Please change
>>
>> Signed-off-by: Dmitry Kasatkin 
>
> I'll make the change here and in the other patches as well.
>
> Mimi
>

Thanks.

-- 
Thanks,
Dmitry



Re: [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

2016-01-19 Thread Dmitry Kasatkin
Hi Mimi,

Please change

Signed-off-by: Dmitry Kasatkin 

Thanks

Dmitry


On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar  wrote:
> From: Dmitry Kasatkin 
>
> Instead of passing pointers to pointers to ima_collect_measurement() to
> read and return the 'security.ima' xattr value, this patch moves the
> functionality to the calling process_measurement() to directly read
> the xattr and pass only the hash algo to the ima_collect_measurement().
>
> Signed-off-by: Dmitry Kasatkin 
> Signed-off-by: Mimi Zohar 
> ---
>  security/integrity/ima/ima.h  | 15 +++
>  security/integrity/ima/ima_api.c  | 15 +++
>  security/integrity/ima/ima_appraise.c | 25 ++---
>  security/integrity/ima/ima_crypto.c   |  2 +-
>  security/integrity/ima/ima_init.c |  2 +-
>  security/integrity/ima/ima_main.c | 11 +++
>  security/integrity/ima/ima_template.c |  2 --
>  security/integrity/ima/ima_template_lib.c |  1 -
>  8 files changed, 33 insertions(+), 40 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index 585af61..fb8da36 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -23,6 +23,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>
>  #include "../integrity.h"
>
> @@ -140,9 +141,7 @@ static inline unsigned long ima_hash_key(u8 *digest)
>  int ima_get_action(struct inode *inode, int mask, int function);
>  int ima_must_measure(struct inode *inode, int mask, int function);
>  int ima_collect_measurement(struct integrity_iint_cache *iint,
> -   struct file *file,
> -   struct evm_ima_xattr_data **xattr_value,
> -   int *xattr_len);
> +   struct file *file, enum hash_algo algo);
>  void ima_store_measurement(struct integrity_iint_cache *iint, struct file 
> *file,
>const unsigned char *filename,
>struct evm_ima_xattr_data *xattr_value,
> @@ -188,8 +187,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum 
> ima_hooks func);
>  void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
>  enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
>int func);
> -void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len,
> -  struct ima_digest_data *hash);
> +enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
> +int xattr_len);
>  int ima_read_xattr(struct dentry *dentry,
>struct evm_ima_xattr_data **xattr_value);
>
> @@ -221,10 +220,10 @@ static inline enum integrity_status 
> ima_get_cache_status(struct integrity_iint_c
> return INTEGRITY_UNKNOWN;
>  }
>
> -static inline void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
> -int xattr_len,
> -struct ima_digest_data *hash)
> +static inline enum hash_algo
> +ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len)
>  {
> +   return ima_hash_algo;
>  }
>
>  static inline int ima_read_xattr(struct dentry *dentry,
> diff --git a/security/integrity/ima/ima_api.c 
> b/security/integrity/ima/ima_api.c
> index 1d950fb..e7c7a5d 100644
> --- a/security/integrity/ima/ima_api.c
> +++ b/security/integrity/ima/ima_api.c
> @@ -18,7 +18,7 @@
>  #include 
>  #include 
>  #include 
> -#include 
> +
>  #include "ima.h"
>
>  /*
> @@ -188,9 +188,7 @@ int ima_get_action(struct inode *inode, int mask, int 
> function)
>   * Return 0 on success, error code otherwise
>   */
>  int ima_collect_measurement(struct integrity_iint_cache *iint,
> -   struct file *file,
> -   struct evm_ima_xattr_data **xattr_value,
> -   int *xattr_len)
> +   struct file *file, enum hash_algo algo)
>  {
> const char *audit_cause = "failed";
> struct inode *inode = file_inode(file);
> @@ -201,9 +199,6 @@ int ima_collect_measurement(struct integrity_iint_cache 
> *iint,
> char digest[IMA_MAX_DIGEST_SIZE];
> } hash;
>
> -   if (xattr_value)
> -   *xattr_len = ima_read_xattr(file->f_path.dentry, xattr_value);
> -
> if (!(iint->flags & IMA_COLLECTED)) {
> u64 i_version = file_inode(file)->i_version;
>
> @@ -213,11 +208,7 @@ int ima_collect_measurement(struct integrity_iint_cache 
> *iint,
> goto out;
> }
>
> -   /* use default hash algorithm */
> -   hash.hdr.algo = ima_hash_algo;
> -
> -   if (xattr_value)
> -  

[RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect

2016-01-18 Thread Mimi Zohar
From: Dmitry Kasatkin 

Instead of passing pointers to pointers to ima_collect_measurement() to
read and return the 'security.ima' xattr value, this patch moves the
functionality to the calling process_measurement() to directly read
the xattr and pass only the hash algo to the ima_collect_measurement().

Signed-off-by: Dmitry Kasatkin 
Signed-off-by: Mimi Zohar 
---
 security/integrity/ima/ima.h  | 15 +++
 security/integrity/ima/ima_api.c  | 15 +++
 security/integrity/ima/ima_appraise.c | 25 ++---
 security/integrity/ima/ima_crypto.c   |  2 +-
 security/integrity/ima/ima_init.c |  2 +-
 security/integrity/ima/ima_main.c | 11 +++
 security/integrity/ima/ima_template.c |  2 --
 security/integrity/ima/ima_template_lib.c |  1 -
 8 files changed, 33 insertions(+), 40 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 585af61..fb8da36 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -23,6 +23,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "../integrity.h"
 
@@ -140,9 +141,7 @@ static inline unsigned long ima_hash_key(u8 *digest)
 int ima_get_action(struct inode *inode, int mask, int function);
 int ima_must_measure(struct inode *inode, int mask, int function);
 int ima_collect_measurement(struct integrity_iint_cache *iint,
-   struct file *file,
-   struct evm_ima_xattr_data **xattr_value,
-   int *xattr_len);
+   struct file *file, enum hash_algo algo);
 void ima_store_measurement(struct integrity_iint_cache *iint, struct file 
*file,
   const unsigned char *filename,
   struct evm_ima_xattr_data *xattr_value,
@@ -188,8 +187,8 @@ int ima_must_appraise(struct inode *inode, int mask, enum 
ima_hooks func);
 void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
 enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
   int func);
-void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len,
-  struct ima_digest_data *hash);
+enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
+int xattr_len);
 int ima_read_xattr(struct dentry *dentry,
   struct evm_ima_xattr_data **xattr_value);
 
@@ -221,10 +220,10 @@ static inline enum integrity_status 
ima_get_cache_status(struct integrity_iint_c
return INTEGRITY_UNKNOWN;
 }
 
-static inline void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
-int xattr_len,
-struct ima_digest_data *hash)
+static inline enum hash_algo
+ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len)
 {
+   return ima_hash_algo;
 }
 
 static inline int ima_read_xattr(struct dentry *dentry,
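Review bot: The !CONFIG_IMA_APPRAISE stub of ima_get_hash_algo() added in this hunk returns `ima_hash_algo` while ignoring both xattr arguments, and nothing says why; the new declaration in the previous hunk (`enum hash_algo ima_get_hash_algo(...)`) likewise carries no description of what the return value means. Suggest a one-line comment above the stub's return, `/* No appraisal: the xattr is never consulted, always hash with the default algorithm. */`, and a kernel-doc line on the declaration stating that `ima_hash_algo` is the fallback when the 'security.ima' xattr yields no usable algorithm. The CONFIG_IMA_APPRAISE implementation is not part of the hunks shown here, so confirm it really falls back that way before documenting it as the contract.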
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 1d950fb..e7c7a5d 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -18,7 +18,7 @@
 #include 
 #include 
 #include 
-#include 
+
 #include "ima.h"
 
 /*
@@ -188,9 +188,7 @@ int ima_get_action(struct inode *inode, int mask, int 
function)
  * Return 0 on success, error code otherwise
  */
 int ima_collect_measurement(struct integrity_iint_cache *iint,
-   struct file *file,
-   struct evm_ima_xattr_data **xattr_value,
-   int *xattr_len)
+   struct file *file, enum hash_algo algo)
 {
const char *audit_cause = "failed";
struct inode *inode = file_inode(file);
@@ -201,9 +199,6 @@ int ima_collect_measurement(struct integrity_iint_cache 
*iint,
char digest[IMA_MAX_DIGEST_SIZE];
} hash;
 
-   if (xattr_value)
-   *xattr_len = ima_read_xattr(file->f_path.dentry, xattr_value);
-
if (!(iint->flags & IMA_COLLECTED)) {
u64 i_version = file_inode(file)->i_version;
 
@@ -213,11 +208,7 @@ int ima_collect_measurement(struct integrity_iint_cache 
*iint,
goto out;
}
 
-   /* use default hash algorithm */
-   hash.hdr.algo = ima_hash_algo;
-
-   if (xattr_value)
-   ima_get_hash_algo(*xattr_value, *xattr_len, );
+   hash.hdr.algo = algo;
 
result = ima_calc_file_hash(file, );
if (!result) {
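Review bot: `hash.hdr.algo = algo;` stores a caller-supplied value with no range check, where the removed lines always started from the known-good `ima_hash_algo`; since the commit message says `algo` is derived from the file's 'security.ima' xattr, ima_collect_measurement() now relies entirely on ima_get_hash_algo() rejecting out-of-range values, and that code is not in this hunk. A cheap local guard, `if (algo >= HASH_ALGO__LAST) algo = ima_hash_algo;`, would keep the defensive default in the one place that hands the value to ima_calc_file_hash(), and makes the stub behaviour in ima.h and the appraise path agree. The block comment above the function (only its `Return 0 on success` line is visible in the hunk at @@ -188,9 +188,7) should also mention the new parameter, e.g. `@algo: hash algorithm used to measure the file`. The enclosing function body continues past the end of this hunk.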
diff --git a/security/integrity/ima/ima_appraise.c 
b/security/integrity/ima/ima_appraise.c
index 1873b55..9c2b46b 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -15,7 +15,6