[PATCH openEuler-5.10 53/54] ima: Fix the pathname to relative path when get absolute path failed

From: Li Kun hw.likun@huawei.com

euler inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4L078 CVE: NA

-------------------------------------------------

We backport the commit 17f4bad3abc7 ("ima: remove usage of filename parameter") to support absolute path in ima measurement log,when get absolute path failed, the pathname with NULL value will be passed to the next measurement processes. Fix the pathname to relative path when get absolute path failed.

Signed-off-by: Li Kun hw.likun@huawei.com Signed-off-by: Kefeng Wang wangkefeng.wang@huawei.com Signed-off-by: Hui Wang john.wanghui@huawei.com

Signed-off-by: Zhang Xiaoxu zhangxiaoxu5@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Jason Yan yanaijie@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com

Conflicts: security/integrity/ima/ima_main.c

Signed-off-by: Guo Zihua guozihua@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- security/integrity/ima/ima_main.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 84826e4c844d..e905b70ab0bd 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -502,6 +502,9 @@ static int process_ns_measurement(struct file *file, const struct cred *cred, if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */ pathname = ima_d_path(&file->f_path, &pathbuf, filename);

+ if (!pathname || strlen(pathname) > IMA_EVENT_NAME_LEN_MAX) + pathname = file->f_path.dentry->d_name.name; + found_digest = ima_lookup_digest(iint->ima_hash->digest, hash_algo, COMPACT_FILE);