author | Roberto Sassu <roberto.sassu@huawei.com> | 2021-05-28 10:38:08 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2021-06-01 22:17:30 +0300 |
commit | f8216f6b957f5657c5f4c97f4b037120c6f236bc (patch) | |
tree | ce1daa6226b37167710857084645f6444d89b0ba /security/integrity/ima/ima_template_lib.c | |
parent | 7dcfeacc5a9d0c130160b86de23279793a8732c8 (diff) | |
ima: Define new template field imode
This patch defines the new template field imode, which includes the
inode mode. It can be used by a remote verifier to verify the EVM portable
signature, if it was included with the template fields sig or evmsig.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_template_lib.c')
-rw-r--r-- | security/integrity/ima/ima_template_lib.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 87b40f391739..3156fb34b1af 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -596,3 +596,25 @@ int ima_eventinodegid_init(struct ima_event_data *event_data,
 {
 return ima_eventinodedac_init_common(event_data, field_data, false);
 }
+
+/*
+ * ima_eventinodemode_init - include the inode mode as part of the template
+ * data
+ */
+int ima_eventinodemode_init(struct ima_event_data *event_data,
+ struct ima_field_data *field_data)
+{
+ struct inode *inode;
+ umode_t mode;
+
+ if (!event_data->file)
+ return 0;
+
+ inode = file_inode(event_data->file);
+ mode = inode->i_mode;
+ if (ima_canonical_fmt)
+ mode = cpu_to_le16(mode);
+
+ return ima_write_template_field_data((char *)&mode, sizeof(mode),
+ DATA_FMT_UINT, field_data);
+} |
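Review bot: In ima_eventinodemode_init the result of `cpu_to_le16(mode)` is stored back into a `umode_t`, so the little-endian value loses its `__le16` annotation (sparse will likely warn) and the conversion assumes `umode_t` is exactly 16 bits wide. Because a remote verifier parses this field from the measurement list, the width of the serialized value should be pinned explicitly rather than following `sizeof(umode_t)`, for example by declaring `u16 mode;` and writing `mode = (__force u16)cpu_to_le16(mode);`. The early `return 0` when `event_data->file` is NULL leaves the imode field empty, presumably as the uid/gid helpers do, though their common body is outside this hunk. A short comment such as `/* no file: emit a zero-length imode field */` would make that explicit to anyone writing a verifier-side parser.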