int pcr;
unsigned int allowed_algos; /* bitfield of allowed hash algorithms */
struct {
- void *rule; /* LSM file metadata specific */
+ void *rules[LSMBLOB_ENTRIES]; /* LSM file metadata specific */
char *args_p; /* audit value */
int type; /* audit type */
} lsm[MAX_LSM_RULES];
struct ima_template_desc *template;
};
+/**
+ * ima_lsm_isset - Is a rule set for any of the active security modules
+ * @rules: The set of IMA rules to check.
+ *
+ * If a rule is set for any LSM return true, otherwise return false.
+ */
+static inline bool ima_lsm_isset(void *rules[])
+{
+ int i;
+
+ for (i = 0; i < LSMBLOB_ENTRIES; i++)
+ if (rules[i])
+ return true;
+ return false;
+}
+
/*
* sanity check in case the kernels gains more hash algorithms that can
* fit in an unsigned int
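Review bot: ima_lsm_isset only reads through `rules`, so the parameter could be declared `void *const rules[]` to state that in the signature; callers passing a `void *rules[LSMBLOB_ENTRIES]` member convert without a cast. The struct whose tail is shown at the top of this hunk starts outside it.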
static void ima_lsm_free_rule(struct ima_rule_entry *entry)
{
int i;
+ int r;
for (i = 0; i < MAX_LSM_RULES; i++) {
- ima_filter_rule_free(entry->lsm[i].rule);
+ for (r = 0; r < LSMBLOB_ENTRIES; r++)
+ ima_filter_rule_free(entry->lsm[i].rules);
kfree(entry->lsm[i].args_p);
}
}
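Review bot: The inner loop added in ima_lsm_free_rule never uses its index: `ima_filter_rule_free(entry->lsm[i].rules)` passes the `rules` array itself (decayed to a pointer to its first slot) on every iteration instead of the r-th entry, so the per-LSM rule objects are never released and the callee is handed the array's address LSMBLOB_ENTRIES times. The intended line is `ima_filter_rule_free(entry->lsm[i].rules[r]);`, matching the init sites that store through `&...rules[0]`. The match call sites in the later hunk pass the whole `rules` array to ima_filter_rule_match; that is consistent only if that helper was changed to take an array in a hunk not shown here.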
ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
nentry->lsm[i].args_p,
- &nentry->lsm[i].rule);
- if (!nentry->lsm[i].rule)
+ &nentry->lsm[i].rules[0]);
+ if (!ima_lsm_isset(nentry->lsm[i].rules))
pr_warn("rule for LSM \'%s\' is undefined\n",
nentry->lsm[i].args_p);
}
int rc = 0;
u32 osid;
- if (!rule->lsm[i].rule) {
+ if (!ima_lsm_isset(rule->lsm[i].rules)) {
if (!rule->lsm[i].args_p)
continue;
else
security_inode_getsecid(inode, &osid);
rc = ima_filter_rule_match(osid, rule->lsm[i].type,
Audit_equal,
- rule->lsm[i].rule);
+ rule->lsm[i].rules);
break;
case LSM_SUBJ_USER:
case LSM_SUBJ_ROLE:
case LSM_SUBJ_TYPE:
rc = ima_filter_rule_match(secid, rule->lsm[i].type,
Audit_equal,
- rule->lsm[i].rule);
+ rule->lsm[i].rules);
break;
default:
break;
{
int result;
- if (entry->lsm[lsm_rule].rule)
+ if (ima_lsm_isset(entry->lsm[lsm_rule].rules))
return -EINVAL;
entry->lsm[lsm_rule].args_p = match_strdup(args);
entry->lsm[lsm_rule].type = audit_type;
result = ima_filter_rule_init(entry->lsm[lsm_rule].type, Audit_equal,
entry->lsm[lsm_rule].args_p,
- &entry->lsm[lsm_rule].rule);
- if (!entry->lsm[lsm_rule].rule) {
+ &entry->lsm[lsm_rule].rules[0]);
+ if (!ima_lsm_isset(entry->lsm[lsm_rule].rules)) {
pr_warn("rule for LSM \'%s\' is undefined\n",
entry->lsm[lsm_rule].args_p);
}
for (i = 0; i < MAX_LSM_RULES; i++) {
- if (entry->lsm[i].rule) {
+ if (ima_lsm_isset(entry->lsm[i].rules)) {
switch (i) {
case LSM_OBJ_USER:
seq_printf(m, pt(Opt_obj_user),