From: Roberto Sassu roberto.sassu@huawei.com
euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7QZ2M CVE: NA
-------------------------------------------------
ima_show_htable_violations() and ima_show_measurements_count() both call ima_show_htable_value() to copy the value of an atomic_long_t variable to a buffer.
This patch modifies the definition of ima_show_htable_value(), so that this function can be used in any file_operations structure. The atomic_long_t variable used as source is chosen depending on the opened file in the securityfs filesystem.
Signed-off-by: Roberto Sassu roberto.sassu@huawei.com Signed-off-by: Tianxing Zhang zhangtianxing3@huawei.com Reviewed-by: Jason Yan yanaijie@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com Signed-off-by: zhoushuiqing zhoushuiqing2@huawei.com --- security/integrity/ima/ima_fs.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 9a8fb2a4185a1..e17b9f371fbac 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -50,16 +50,33 @@ __setup("ima_canonical_fmt", default_canonical_fmt_setup);
static int valid_policy = 1;
+#ifdef CONFIG_IMA_DIGEST_LIST
+static ssize_t ima_show_htable_value(struct file *filp, char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ atomic_long_t *val = NULL;
+#else
 static ssize_t ima_show_htable_value(char __user *buf, size_t count, loff_t *ppos, atomic_long_t *val)
 {
+#endif
 char tmpbuf[32]; /* greater than largest 'long' string value */
 ssize_t len;
+#ifdef CONFIG_IMA_DIGEST_LIST
+ if (filp->f_path.dentry == violations)
+ val = &ima_htable.violations;
+ else if (filp->f_path.dentry == runtime_measurements_count)
+ val = &ima_htable.len;
+#endif
 len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
 return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
 }
+#ifdef CONFIG_IMA_DIGEST_LIST
+static const struct file_operations ima_htable_value_ops = {
+ .read = ima_show_htable_value,
+#else
 static ssize_t ima_show_htable_violations(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
@@ -82,6 +99,7 @@ static ssize_t ima_show_measurements_count(struct file *filp,
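Review bot: In the CONFIG_IMA_DIGEST_LIST branch `val` starts as NULL and is only assigned when `filp->f_path.dentry` equals `violations` or `runtime_measurements_count`, so any other caller of `ima_htable_value_ops` reaches `atomic_long_read(val)` with a NULL pointer and oopses instead of failing the read. Only the two securityfs files are wired to these ops today, but the handler should still fail closed; add `if (!val) return -EINVAL;` directly after the else-if chain. The `#ifdef`/`#else`/`#endif` woven through the signature and body also leaves two definitions of the function sharing half a body, which is hard to review; a separate function under the config option would read more clearly. The dentries `violations` and `runtime_measurements_count` are not declared anywhere in the hunk, so presumably they are already declared above line 50 in this tree — worth confirming, since the upstream file declares them further down. The hunk ends inside the signature of ima_show_htable_violations, whose body lies outside it.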
static const struct file_operations ima_measurements_count_ops = {
 .read = ima_show_measurements_count,
+#endif
 .llseek = generic_file_llseek,
 };
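Review bot: The `#endif` added inside the `ima_measurements_count_ops` initializer closes an `#ifdef CONFIG_IMA_DIGEST_LIST` opened roughly twenty lines earlier in the previous hunk, inside a different initializer (`ima_htable_value_ops`), so a reader of this hunk cannot tell which conditional it terminates. Annotate it as `#endif /* CONFIG_IMA_DIGEST_LIST */`. Better still, close the conditional right after each initializer's `.read` line rather than sharing the `.llseek`/`};` tail between two differently named structs, so that each `file_operations` definition is visible as a whole.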
@@ -677,7 +695,11 @@ int __init ima_fs_init(void)
 runtime_measurements_count = securityfs_create_file("runtime_measurements_count", S_IRUSR | S_IRGRP, ima_dir, NULL,
+#ifdef CONFIG_IMA_DIGEST_LIST
+ &ima_htable_value_ops);
+#else
 &ima_measurements_count_ops);
+#endif
 if (IS_ERR(runtime_measurements_count)) {
 ret = PTR_ERR(runtime_measurements_count);
 goto out;
@@ -685,7 +707,11 @@ int __init ima_fs_init(void)
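Review bot: The call still passes `NULL` as the `data` argument of securityfs_create_file while switching to `ima_htable_value_ops`, so the shared read handler has to recover which counter to show by comparing `filp->f_path.dentry` against the saved dentries. securityfs_create_file stores `data` in the new inode's `i_private`, so passing `&ima_htable.len` here (and `&ima_htable.violations` in the next hunk) would let ima_show_htable_value take `file_inode(filp)->i_private` directly, removing both the dentry comparisons and the case where `val` is never assigned. The same point applies to the `violations` hunk that follows. ima_fs_init begins and ends outside this hunk.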
violations = securityfs_create_file("violations", S_IRUSR | S_IRGRP,
+#ifdef CONFIG_IMA_DIGEST_LIST
+ ima_dir, NULL, &ima_htable_value_ops);
+#else
 ima_dir, NULL, &ima_htable_violations_ops);
+#endif
 if (IS_ERR(violations)) {
 ret = PTR_ERR(violations);
 goto out;
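Review bot: This `#ifdef` duplicates `ima_dir, NULL,` in both branches, whereas the preceding hunk for `runtime_measurements_count` conditionalizes only the `file_operations` argument; the two call sites should be shaped the same way. Keep `ima_dir, NULL,` on the shared line and wrap only `&ima_htable_value_ops);` versus `&ima_htable_violations_ops);`, so a later change to the common arguments cannot silently diverge between the two configurations. ima_fs_init begins and ends outside this hunk.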