From b8867eedcf76caef8ae6412da97cd9abfd092ff8 Mon Sep 17 00:00:00 2001 From: Tyler Hicks Date: Fri, 10 Jul 2020 15:37:50 -0500 Subject: ima: Rename internal filter rule functions Rename IMA's internal filter rule functions from security_filter_rule_*() to ima_filter_rule_*(). This avoids polluting the security_* namespace, which is typically reserved for general security subsystem infrastructure. Signed-off-by: Tyler Hicks Suggested-by: Casey Schaufler [zohar@linux.ibm.com: reword using the term "filter", not "audit"] Signed-off-by: Mimi Zohar --- security/integrity/ima/ima.h | 16 ++++++++-------- security/integrity/ima/ima_policy.c | 30 +++++++++++++----------------- 2 files changed, 21 insertions(+), 25 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 576ae2c6d418..38043074ce5e 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -413,24 +413,24 @@ static inline void ima_free_modsig(struct modsig *modsig) /* LSM based policy rules require audit */ #ifdef CONFIG_IMA_LSM_RULES -#define security_filter_rule_init security_audit_rule_init -#define security_filter_rule_free security_audit_rule_free -#define security_filter_rule_match security_audit_rule_match +#define ima_filter_rule_init security_audit_rule_init +#define ima_filter_rule_free security_audit_rule_free +#define ima_filter_rule_match security_audit_rule_match #else -static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr, - void **lsmrule) +static inline int ima_filter_rule_init(u32 field, u32 op, char *rulestr, + void **lsmrule) { return -EINVAL; } -static inline void security_filter_rule_free(void *lsmrule) +static inline void ima_filter_rule_free(void *lsmrule) { } -static inline int security_filter_rule_match(u32 secid, u32 field, u32 op, - void *lsmrule) +static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op, + void *lsmrule) { return -EINVAL; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 9284055ee13a..07f033634b27 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -258,7 +258,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry) int i; for (i = 0; i < MAX_LSM_RULES; i++) { - security_filter_rule_free(entry->lsm[i].rule); + ima_filter_rule_free(entry->lsm[i].rule); kfree(entry->lsm[i].args_p); } } @@ -308,10 +308,9 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry) */ entry->lsm[i].args_p = NULL; - security_filter_rule_init(nentry->lsm[i].type, - Audit_equal, - nentry->lsm[i].args_p, - &nentry->lsm[i].rule); + ima_filter_rule_init(nentry->lsm[i].type, Audit_equal, + nentry->lsm[i].args_p, + &nentry->lsm[i].rule); if (!nentry->lsm[i].rule) pr_warn("rule for LSM \'%s\' is undefined\n", nentry->lsm[i].args_p); @@ -495,18 +494,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, case LSM_OBJ_ROLE: case LSM_OBJ_TYPE: security_inode_getsecid(inode, &osid); - rc = security_filter_rule_match(osid, - rule->lsm[i].type, - Audit_equal, - rule->lsm[i].rule); + rc = ima_filter_rule_match(osid, rule->lsm[i].type, + Audit_equal, + rule->lsm[i].rule); break; case LSM_SUBJ_USER: case LSM_SUBJ_ROLE: case LSM_SUBJ_TYPE: - rc = security_filter_rule_match(secid, - rule->lsm[i].type, - Audit_equal, - rule->lsm[i].rule); + rc = ima_filter_rule_match(secid, rule->lsm[i].type, + Audit_equal, + rule->lsm[i].rule); default: break; } @@ -901,10 +898,9 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry, return -ENOMEM; entry->lsm[lsm_rule].type = audit_type; - result = security_filter_rule_init(entry->lsm[lsm_rule].type, - Audit_equal, - entry->lsm[lsm_rule].args_p, - &entry->lsm[lsm_rule].rule); + result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal, + entry->lsm[lsm_rule].args_p, + &entry->lsm[lsm_rule].rule); if (!entry->lsm[lsm_rule].rule) { pr_warn("rule for LSM \'%s\' is undefined\n", entry->lsm[lsm_rule].args_p); -- cgit v1.2.3