[RFC][PATCH 3/6] ima: added ima_get_template_desc() for templates dynamic registration

From: Roberto Sassu
Date: Thu Nov 07 2013 - 10:51:48 EST


This patch introduces the ima_get_template_desc() function which returns
a template descriptor depending on the template name and format passed
as arguments. If the first argument is not NULL, the new function
searches for an existing template descriptor by name among those defined
and returns it to the caller. Otherwise, if the second argument is not
NULL and the first is NULL, it does a template lookup by format and,
if not found, creates a new one before returning the pointer to the
caller. Finally, if both arguments are NULL or the template creation
failed, it returns the default template descriptor.

Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx>
---
security/integrity/ima/ima.h | 2 ++
security/integrity/ima/ima_template.c | 40 +++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 5cbe881..d7b4c19 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -107,6 +107,8 @@ int ima_init_crypto(void);
void ima_putc(struct seq_file *m, void *data, int datalen);
void ima_print_digest(struct seq_file *m, u8 *digest, int size);
struct ima_template_desc *ima_template_desc_current(void);
+struct ima_template_desc *ima_get_template_desc(char *template_name,
+ char *template_fmt);
int ima_init_template(void);

int ima_init_template(void);
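Review bot: Both parameters of the new prototype are plain `char *`, although the definition in ima_template.c only reads them (the two lookups and `kstrdup()`). Declaring them as `const char *template_name, const char *template_fmt` would document that the caller's strings are not modified and would let callers pass constant strings without casts. This assumes the lookup helpers, whose prototypes are not visible in this patch, accept const pointers. A short comment above the prototype, stating that the result may be a predefined descriptor, a newly allocated one, or the default, would tell callers they must not free it blindly.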
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index c849723..7daf2ba 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -248,6 +248,46 @@ struct ima_template_desc *ima_template_desc_current(void)
return ima_template;
}

+struct ima_template_desc *ima_get_template_desc(char *template_name,
+ char *template_fmt)
+{
+ struct ima_template_desc *desc = NULL;
+ int result;
+
+ if (template_name == NULL && template_fmt == NULL)
+ goto out;
+
+ if (template_name) {
+ desc = lookup_template_desc_by_name(template_name);
+ } else {
+ desc = lookup_template_desc_by_fmt(template_fmt);
+ if (desc == NULL) {
+ desc = kzalloc(sizeof(*desc), GFP_KERNEL);
+ if (desc == NULL)
+ goto out;
+ }
+ desc->name = "";
+ desc->fmt = kstrdup(template_fmt, GFP_KERNEL);
+ if (desc->fmt == NULL)
+ goto out_free;
+
+ result = template_desc_init_fields(desc->fmt, &(desc->fields),
+ &(desc->num_fields));
+ if (result < 0)
+ goto out_free_fmt;
+ }
+out:
+ if (desc == NULL)
+ desc = ima_template_desc_current();
+ return desc;
+out_free_fmt:
+ kfree(desc->fmt);
+out_free:
+ kfree(desc);
+ desc = NULL;
+ goto out;
+}
+
int ima_init_template(void)
{
int result;
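Review bot: When `lookup_template_desc_by_fmt()` finds an existing descriptor, execution still falls through to `desc->name = ""` and `desc->fmt = kstrdup(...)`, so the found descriptor's name and format are overwritten and its fields re-initialised. On either error path `kfree(desc)` then frees a descriptor this function did not allocate; if the lookup can return an entry from a statically defined table (not visible in this hunk), that is a kfree() of non-heap memory inside the integrity subsystem. Adding `if (desc != NULL) goto out;` directly after the by-format lookup fixes both, since only a freshly `kzalloc`'ed descriptor is then initialised and freed. Separately, nothing in this hunk links the new descriptor into whatever the lookups search, so repeated calls with the same format would presumably allocate a new descriptor each time with no owner to release it. Falling back to the default template when the format fails to parse also hides the error from the caller, which may deserve a comment or a log message.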
--
1.8.1.4

Attachment: smime.p7s
Description: S/MIME cryptographic signature