linux/security/integrity/iint.c
 
/*
 * Copyright (C) 2008 IBM Corporation
 *
 * Authors:
 * Mimi Zohar <zohar@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 * File: integrity_iint.c
 *	- implements the integrity hooks: integrity_inode_alloc,
 *	  integrity_inode_free
 *	- cache integrity information associated with an inode
 *	  using a rbtree tree.
 */
 18 /a>#include <linux/slab.h /a>>n
 19 /a>#include <linux/module.h /a>>n
 20 /a>#include <linux/spinlock.h /a>>n
 21 /a>#include <linux/rbtree.h /a>>n
 22 /a>#include "integrity.h /a>"n
/* Slab cache that struct integrity_iint_cache objects are allocated from. */
static struct kmem_cache *iint_cache __read_mostly;

/*
 * Red-black tree holding every iint, ordered by the address of the inode
 * each entry describes.  All walks and updates of the tree in this file
 * are done with integrity_iint_lock held.
 */
static DEFINE_SPINLOCK(integrity_iint_lock);
static struct rb_root integrity_iint_tree = RB_ROOT;

/* Set to 1 by integrity_iintcache_init() after iint_cache has been created. */
int iint_initialized;
/*
 * __integrity_iint_find - return the iint associated with an inode
 *
 * Walks integrity_iint_tree, which is ordered by inode pointer value, and
 * returns the entry whose ->inode equals @inode, or NULL when the tree has
 * no such entry.  The caller must already hold integrity_iint_lock; this is
 * checked with assert_spin_locked().
 */
static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode)
{
	struct rb_node *node;

	assert_spin_locked(&integrity_iint_lock);

	for (node = integrity_iint_tree.rb_node; node; ) {
		struct integrity_iint_cache *entry =
			rb_entry(node, struct integrity_iint_cache, rb_node);

		if (inode == entry->inode)
			return entry;

		/* Smaller inode addresses live in the left subtree. */
		node = (inode < entry->inode) ? node->rb_left : node->rb_right;
	}

	return NULL;
}
/*
 * integrity_iint_find - return the iint associated with an inode
 *
 * Returns NULL without taking the lock when IS_IMA() is false for @inode;
 * otherwise looks the inode up in the tree under integrity_iint_lock.
 *
 * NOTE(review): the lock is dropped before the pointer is returned, and
 * integrity_inode_free() erases and frees the entry.  Nothing in this
 * function pins the iint, so the caller presumably has to keep the inode
 * alive while it uses the result - confirm against the callers.
 */
struct integrity_iint_cache *integrity_iint_find(struct inode *inode)
{
	struct integrity_iint_cache *found = NULL;

	if (IS_IMA(inode)) {
		spin_lock(&integrity_iint_lock);
		found = __integrity_iint_find(inode);
		spin_unlock(&integrity_iint_lock);
	}

	return found;
}
/*
 * iint_free - reset an iint and return it to iint_cache
 *
 * version, flags and evm_status are put back to the values init_once()
 * gives them before the object is released.  init_once() is registered as
 * the cache constructor, so this presumably keeps a recycled object in its
 * constructed state - confirm.  ->inode and ->mutex are not touched here.
 */
static void iint_free(struct integrity_iint_cache *iint)
{
	iint->evm_status = INTEGRITY_UNKNOWN;
	iint->flags = 0UL;
	iint->version = 0;

	kmem_cache_free(iint_cache, iint);
}
/**
 * integrity_inode_alloc - allocate an iint associated with an inode
 * @inode: pointer to the inode
 *
 * Allocates an iint from iint_cache, then, holding inode->i_mutex and
 * integrity_iint_lock, links it into integrity_iint_tree and sets S_IMA in
 * inode->i_flags.  The flag and the tree entry are therefore published
 * together under both locks.
 *
 * Return: 0 on success, -ENOMEM when the allocation fails, or -EEXIST when
 * the tree already holds an entry for @inode (the new object is freed and
 * the existing entry is left in place).
 */
int integrity_inode_alloc(struct inode *inode)
{
	struct integrity_iint_cache *new_iint;
	struct rb_node **link;
	struct rb_node *parent = NULL;
	int rc = 0;

	/* Allocate before taking any lock; the spinlock is held below. */
	new_iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
	if (!new_iint)
		return -ENOMEM;

	new_iint->inode = inode;

	mutex_lock(&inode->i_mutex);	/* i_flags */
	spin_lock(&integrity_iint_lock);

	/* Descend to the empty slot where the new node belongs. */
	link = &integrity_iint_tree.rb_node;
	while (*link) {
		struct integrity_iint_cache *cur;

		parent = *link;
		cur = rb_entry(parent, struct integrity_iint_cache, rb_node);

		if (inode == cur->inode) {
			/* An entry for this inode is already present. */
			rc = -EEXIST;
			break;
		}

		link = (inode < cur->inode) ? &parent->rb_left
					    : &parent->rb_right;
	}

	if (!rc) {
		inode->i_flags |= S_IMA;
		rb_link_node(&new_iint->rb_node, parent, link);
		rb_insert_color(&new_iint->rb_node, &integrity_iint_tree);
	}

	spin_unlock(&integrity_iint_lock);
	mutex_unlock(&inode->i_mutex);	/* i_flags */

	/* The unused object is released only after both locks are dropped. */
	if (rc)
		iint_free(new_iint);

	return rc;
}
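/**
 * integrity_inode_free - called on security_inode_free
 * @inode: pointer to the inode
 *
 * Free the integrity information (iint) associated with an inode.
 *
 * Does nothing when IS_IMA() is false for @inode.  Otherwise the entry is
 * looked up and unlinked from integrity_iint_tree under
 * integrity_iint_lock, and freed after the lock is dropped.
 *
 * In this file S_IMA is set only together with a successful tree insert
 * (integrity_inode_alloc()), so the lookup is expected to succeed.  The
 * result is still checked: a miss would otherwise pass a NULL-derived
 * pointer to rb_erase() and iint_free() while the spinlock is held.
 */
void integrity_inode_free(struct inode *inode)
{
	struct integrity_iint_cache *iint;

	if (!IS_IMA(inode))
		return;

	spin_lock(&integrity_iint_lock);
	iint = __integrity_iint_find(inode);
	if (iint)
		rb_erase(&iint->rb_node, &integrity_iint_tree);
	spin_unlock(&integrity_iint_lock);

	/* Flag set but no tree entry: nothing was unlinked, nothing to free. */
	if (!iint)
		return;

	iint_free(iint);
}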
/*
 * init_once - constructor passed to kmem_cache_create() for iint_cache
 * @foo: the object to initialise, treated as a struct integrity_iint_cache
 *
 * Zeroes the whole object, initialises its mutex and sets evm_status to
 * INTEGRITY_UNKNOWN.  version and flags are assigned zero explicitly as
 * well, matching the values iint_free() restores.
 */
static void init_once(void *foo)
{
	struct integrity_iint_cache *iint = foo;

	memset(iint, 0, sizeof(*iint));

	mutex_init(&iint->mutex);
	iint->evm_status = INTEGRITY_UNKNOWN;
	iint->flags = 0UL;
	iint->version = 0;
}
/*
 * integrity_iintcache_init - create the iint slab cache
 *
 * Creates iint_cache with init_once() as the object constructor and then
 * sets iint_initialized to 1.  SLAB_PANIC is passed, so the result of
 * kmem_cache_create() is not checked here.  Always returns 0.
 * Registered with security_initcall().
 *
 * NOTE(review): the size argument is damaged in this listing;
 * sizeof(struct integrity_iint_cache) is reconstructed from the surviving
 * tokens - confirm against the source tree.
 */
static int __init integrity_iintcache_init(void)
{
	iint_cache =
	    kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache),
			      0, SLAB_PANIC, init_once);
	/* Published only after the cache exists. */
	iint_initialized = 1;
	return 0;
}
security_initcall(integrity_iintcache_init);