Re: [RFC][Patch 5/5]integrity: IMA as an integrity service provider

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Randy Dunlap

Subject: Re: [RFC][Patch 5/5]integrity: IMA as an integrity service provider

Date: Wednesday, June 11, 2008 - 3:31 pm

On Tue, 27 May 2008 10:36:03 -0400 Mimi Zohar wrote:

quoted text> Index: linux-2.6.26-rc3-git2/security/integrity/ima/ima_api.c
> ===================================================================
> --- /dev/null
> +++ linux-2.6.26-rc3-git2/security/integrity/ima/ima_api.c
> @@ -0,0 +1,365 @@
> +/*
> + * Copyright (C) 2008 IBM Corporation
> + *
> + * Authors:
> + * Mimi Zohar <zohar@us.ibm.com>
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation, version 2 of the
> + * License.
> + *
> + * File: ima_api.c
> + *            - implements the LIM API
> + */
> +#include <linux/module.h>
> +#include <linux/integrity.h>
> +#include <linux/magic.h>
> +#include <linux/writeback.h>
> +#include <linux/string.h>
> +#include <linux/list.h>
> +#include <linux/audit.h>
> +#include <linux/ima.h>
> +
> +#include "ima.h"
> +
> +struct template_operations ima_template_ops = {
> +	.must_measure = ima_must_measure,
> +	.collect_measurement = ima_collect_measurement,
> +	.store_measurement = ima_store_measurement,
> +	.display_template = ima_template_show
> +};
> +
> +#ifdef CONFIG_IMA_BOOTPARAM
> +static int ima_enabled = CONFIG_IMA_BOOTPARAM_VALUE;
> +
> +static int __init ima_enabled_setup(char *str)
> +{
> +
> +	ima_enabled = simple_strtol(str, NULL, 0);
> +	return 1;
> +}
> +
> +__setup("ima=", ima_enabled_setup);
> +#else
> +static int ima_enabled = 1;
> +#endif
> +
> +/**
> + * mode_setup - for compatability with non-template IMA versions
> + * @str - is pointer to a string
> + */
> +int ima_template_mode = 1;
> +static int __init mode_setup(char *str)
> +{
> +	if (strncmp(str, "ima", 3) == 0)
> +		ima_template_mode = 0;
> +	if (strncmp(str, "template", 7) == 0)
> +		ima_template_mode = 1;
> +	printk(KERN_INFO "%s: template_mode %s \n", __func__,
> +	       ima_template_mode ? "template" : "ima");
> +	return 1;
> +}
> +
> +__setup("ima_mode=", mode_setup);
> +
> +/**
> + * ima_digest_cpy - copy the hash in the IMA template structure to a digest
> + * @template_name: string containing the name of the template (i.e. "ima")
> + * @template - pointer to template structure

 * @template:

quoted text> + * @digest - pointer to the digest

 * @digest:

quoted text> + *
> + * Returns 0 on success, error code otherwise
> + */
> +static int ima_digest_cpy(char *template_name, void *template, u8 *digest)
> +{
> +	int rc, result = 0;
> +	struct ima_inode_measure_entry *inode_template =
> +	    (struct ima_inode_measure_entry *)template;
> +
> +	rc = strcmp(template_name, "ima");
> +	if (rc == 0)
> +		memcpy(digest, inode_template->digest,
> +		       sizeof inode_template->digest);
> +	else
> +		result = -ENODATA;
> +	return result;
> +}


Thanks.
---
~Randy
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[RFC][Patch 5/5]integrity: IMA as an integrity service pro ..., Mimi Zohar, (Fri May 23, 8:05 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Randy Dunlap, (Fri May 23, 4:30 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Mon May 26, 6:02 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Tue May 27, 7:36 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Andrew Morton, (Wed May 28, 1:22 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Wed May 28, 8:17 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Andrew Morton, (Wed May 28, 8:30 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Wed May 28, 8:33 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Thu May 29, 2:50 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Andrew Morton, (Thu May 29, 4:35 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Thu May 29, 6:58 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Andrew Morton, (Thu May 29, 7:04 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Mimi Zohar, (Fri May 30, 6:06 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Pavel Machek, (Sat May 31, 12:54 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Randy Dunlap, (Wed Jun 11, 3:31 pm)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., david safford, (Tue Jun 24, 9:28 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Pavel Machek, (Tue Aug 5, 10:32 am)

Re: [RFC][Patch 5/5]integrity: IMA as an integrity service ..., Pavel Machek, (Tue Aug 5, 10:35 am)

Navigation

Popular discussions


linux-kernel:
Michael Trimarchi	Re: [PATCH] VFS: make file->f_pos access atomic on 32bit arch
Miklos Szeredi	[patch 14/15] vfs: more path_permission() conversions
Serge E. Hallyn	Re: [RFC v5][PATCH 7/8] Infrastructure for shared objects
Bernd Schmidt	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Takashi Iwai	[PATCH 2/2] input: Add LED support to Synaptics device
git:
Junio C Hamano	Re: mingw, windows, crlf/lf, and git
Eyvind Bernhardsen	Re: Where has "git ls-remote" reference pattern matching gone?
Shawn O. Pearce	Re: Switching from CVS to GIT
Todd Zullinger	Re: [PATCH 2/2] send-email: rfc2047-quote subject lines with non-ascii characters
Santi Béjar	Re: How to use git-fmt-merge-msg?
linux-netdev:
Ramkrishna Vepa	[net-2.6 PATCH 1/10] Neterion: New driver: Driver help file
Mark Anthony	invitation / inquiry
Ingo Molnar	Re: [PATCH 08/16] dma-debug: add core checking functions
David Miller	Re: [PATCH 1/3] f_phonet: dev_kfree_skb instead of dev_kfree_skb_any in TX callback
Sascha Hauer	[PATCH 03/12] fec: do not typedef struct types
git-commits-head:
Linux Kernel Mailing List	amba: struct device - replace bus_id with dev_name(), dev_set_name()
Linux Kernel Mailing List	MIPS: Yosemite: Convert SMP startup lock to arch spinlock.
Linux Kernel Mailing List	ARM: S5PC100: IRQ and timer
Linux Kernel Mailing List	davinci: edma: clear interrupt status for interrupt enabled channels only
Linux Kernel Mailing List	x86, mm, kprobes: fault.c, simplify notify_page_fault()
openbsd-misc:
Daniel A. Ramaley	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?
Matthias Kilian	Re: can't get vesa @ 1280x800 or nv
Tobias Ulmer	Re: Problem after upgrade 4.5 to 4.6: ERR M
Philip Guenther	Re: SIGCHLD and libpthread.so
J.C. Roberts	Re: [semi-OT] Can anyone recommend an OpenBSD-compatible colour laser printer?

Colocation donated by:

Syndicate