author | Roberto Sassu <rsassu@suse.de> | 2015-04-11 17:12:39 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-05-21 13:59:29 -0400 |
commit | 8d94eb9b5cff350ba170848c862ca0006d33d496 (patch) | |
tree | 88774fba38e58df1530470b3a5072e5b729f2ec6 /security/integrity/ima/ima.h | |
parent | 23b5741932ca44856762fa24cc7e01307ab8af1f (diff) | |
ima: pass iint to ima_add_violation()

This patch adds the iint associated to the current inode as a new
parameter of ima_add_violation(). The passed iint is always not NULL
if a violation is detected. This modification will be used to determine
the inode for which there is a violation.

Since the 'd' and 'd-ng' template field init() functions were detecting
a violation from the value of the iint pointer, they now check the new
field 'violation', added to the 'ima_event_data' structure.

Changelog:
- v1:
  - modified an old comment (Roberto Sassu)

Signed-off-by: Roberto Sassu <rsassu@suse.de>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Diffstat (limited to 'security/integrity/ima/ima.h')
-rw-r--r-- | security/integrity/ima/ima.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index e13ae5466bf2..c996f7edff3a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -59,6 +59,7 @@ struct ima_event_data { const unsigned char *filename; struct evm_ima_xattr_data *xattr_value; int xattr_len; + const char *violation; }; /* IMA template field data definition */ @@ -110,6 +111,7 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data, struct ima_digest_data *hash); int __init ima_calc_boot_aggregate(struct ima_digest_data *hash); void ima_add_violation(struct file *file, const unsigned char *filename, + struct integrity_iint_cache *iint, const char *op, const char *cause); int ima_init_crypto(void); void ima_putc(struct seq_file *m, void *data, int datalen); |
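
Review bot: In the struct ima_event_data hunk, the new `const char *violation` member has no comment saying what string it carries or that NULL means "no violation". The commit message says the 'd' and 'd-ng' init() functions now test this field instead of the iint pointer, so a pointer is being used as a flag: every path that fills an ima_event_data for a normal measurement has to leave it NULL, and a stack-allocated struct that is not zero-initialized would be read as a violation. A short comment on the member stating the NULL convention, plus a note that callers must zero the struct or set the field explicitly, would make that contract visible in the header.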
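
Review bot: In the ima_add_violation() prototype hunk, the new `struct integrity_iint_cache *iint` parameter comes with a non-NULL precondition that is stated only in the commit message ("always not NULL if a violation is detected"). Only the declaration is visible in this header, so please document the requirement in a comment at the declaration or the definition, and check that every caller updated elsewhere in the series passes a valid iint; if the function is later changed to use iint to determine the inode, as the message announces, a NULL from any caller becomes a NULL dereference.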