ima: Define new template field imode
This patch defines the new template field imode, which includes the inode mode. It can be used by a remote verifier to verify the EVM portable signature, if it was included with the template fields sig or evmsig. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
parent
7dcfeacc5a
commit
f8216f6b95
@ -77,6 +77,7 @@ descriptors by adding their identifier to the format string
|
||||
- 'evmsig': the EVM portable signature;
|
||||
- 'iuid': the inode UID;
|
||||
- 'igid': the inode GID;
|
||||
- 'imode': the inode mode;
|
||||
|
||||
|
||||
Below, there is the list of defined template descriptors:
|
||||
|
@ -51,6 +51,8 @@ static const struct ima_template_field supported_fields[] = {
|
||||
.field_show = ima_show_template_uint},
|
||||
{.field_id = "igid", .field_init = ima_eventinodegid_init,
|
||||
.field_show = ima_show_template_uint},
|
||||
{.field_id = "imode", .field_init = ima_eventinodemode_init,
|
||||
.field_show = ima_show_template_uint},
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -596,3 +596,25 @@ int ima_eventinodegid_init(struct ima_event_data *event_data,
|
||||
{
|
||||
return ima_eventinodedac_init_common(event_data, field_data, false);
|
||||
}
|
||||
|
||||
/*
|
||||
* ima_eventinodemode_init - include the inode mode as part of the template
|
||||
* data
|
||||
*/
|
||||
int ima_eventinodemode_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
struct inode *inode;
|
||||
umode_t mode;
|
||||
|
||||
if (!event_data->file)
|
||||
return 0;
|
||||
|
||||
inode = file_inode(event_data->file);
|
||||
mode = inode->i_mode;
|
||||
if (ima_canonical_fmt)
|
||||
mode = cpu_to_le16(mode);
|
||||
|
||||
return ima_write_template_field_data((char *)&mode, sizeof(mode),
|
||||
DATA_FMT_UINT, field_data);
|
||||
}
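Review bot: `mode = cpu_to_le16(mode);` assigns a `__le16` to a `umode_t`, which sparse reports as a bitwise-type mismatch; either force the conversion on that line, `mode = (__force umode_t)cpu_to_le16(mode);`, or keep a separate `__le16` temporary and pass that to ima_write_template_field_data, whichever matches how ima_eventinodedac_init_common (outside this hunk) handles the iuid/igid case. The early `return 0` when `event_data->file` is NULL leaves the field empty without signalling an error, and since the commit message says a remote verifier uses imode to check the EVM portable signature, the leading comment should say so: `Returns 0 without writing any data when event_data->file is NULL; a verifier must treat a missing imode field as unverifiable, not as mode 0.` A kernel-doc `/**` header with @event_data, @field_data and Return: sections would also match the style of the documented helpers in this file.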
|
||||
|
@ -54,4 +54,6 @@ int ima_eventinodeuid_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventinodegid_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
int ima_eventinodemode_init(struct ima_event_data *event_data,
|
||||
struct ima_field_data *field_data);
|
||||
#endif /* __LINUX_IMA_TEMPLATE_LIB_H */
|
||||
|