From 8d94eb9b5cff350ba170848c862ca0006d33d496 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Sat, 11 Apr 2015 17:12:39 +0200 Subject: ima: pass iint to ima_add_violation() This patch adds the iint associated to the current inode as a new parameter of ima_add_violation(). The passed iint is always not NULL if a violation is detected. This modification will be used to determine the inode for which there is a violation. Since the 'd' and 'd-ng' template field init() functions were detecting a violation from the value of the iint pointer, they now check the new field 'violation', added to the 'ima_event_data' structure. Changelog: - v1: - modified an old comment (Roberto Sassu) Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_template_lib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'security/integrity/ima/ima_template_lib.c') diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 67d513367aac..de0ce4fbdf69 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -209,7 +209,7 @@ int ima_eventdigest_init(struct ima_event_data *event_data, memset(&hash, 0, sizeof(hash)); - if (!event_data->iint) /* recording a violation. */ + if (event_data->violation) /* recording a violation. */ goto out; if (ima_template_hash_algo_allowed(event_data->iint->ima_hash->algo)) { @@ -247,8 +247,7 @@ int ima_eventdigest_ng_init(struct ima_event_data *event_data, u8 *cur_digest = NULL, hash_algo = HASH_ALGO_SHA1; u32 cur_digestsize = 0; - /* If iint is NULL, we are recording a violation. */ - if (!event_data->iint) + if (event_data->violation) /* recording a violation. */ goto out; cur_digest = event_data->iint->ima_hash->digest; -- cgit v1.2.3-55-g7522