
integrity: move integrity_audit_msg()

This patch moves the integrity_audit_msg() function and definition to
security/integrity/, the parent directory, renames the 'ima_audit'
boot command line option to 'integrity_audit', and fixes the Kconfig
help text to reflect the actual code.

Changelog:
- Fixed ifdef inclusion of integrity_audit_msg() (Fengguang Wu)

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

+41 -38
+5 -5
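--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1129,11 +1129,6 @@
 The builtin appraise policy appraises all files
 owned by uid=0.
 
-ima_audit= [IMA]
-Format: { "0" | "1" }
-0 -- integrity auditing messages. (Default)
-1 -- enable informational integrity auditing messages.
-
 ima_hash= [IMA]
 Format: { "sha1" | "md5" }
 default: "sha1"
@@ -1157,6 +1152,11 @@
 
 inport.irq= [HW] Inport (ATI XL and Microsoft) busmouse driver
 Format: <irq>
+
+integrity_audit=[IMA]
+Format: { "0" | "1" }
+0 -- basic integrity auditing messages. (Default)
+1 -- additional integrity auditing messages.
 
 intel_iommu= [DMAR] Intel IOMMU driver (DMAR) option
 on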
+15
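--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -17,6 +17,21 @@
 This is useful for evm and module keyrings, when keys are
 usually only added from initramfs.
 
+config INTEGRITY_AUDIT
+bool "Enables integrity auditing support "
+depends on INTEGRITY && AUDIT
+default y
+help
+In addition to enabling integrity auditing support, this
+option adds a kernel parameter 'integrity_audit', which
+controls the level of integrity auditing messages.
+0 - basic integrity auditing messages (default)
+1 - additional integrity auditing messages
+
+Additional informational integrity auditing messages would
+be enabled by specifying 'integrity_audit=1' on the kernel
+command line.
+
 config INTEGRITY_ASYMMETRIC_KEYS
 boolean "Enable asymmetric keys support"
 depends on INTEGRITY_SIGNATURE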
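Review bot: The help text for INTEGRITY_AUDIT describes only the `integrity_audit` parameter and never says what choosing `n` does. Going by the integrity.h section of this commit, `integrity_audit_msg()` then compiles to an empty inline stub, so every integrity audit record is dropped, not only the additional ones. I would add a sentence such as `If this option is disabled, no integrity audit records are generated.` to the help text. The prompt string `"Enables integrity auditing support "` also carries a trailing space that should be removed.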
+1
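--- a/security/integrity/Makefile
+++ b/security/integrity/Makefile
@@ -3,6 +3,7 @@
 #
 
 obj-$(CONFIG_INTEGRITY) += integrity.o
+obj-$(CONFIG_INTEGRITY_AUDIT) += integrity_audit.o
 obj-$(CONFIG_INTEGRITY_SIGNATURE) += digsig.o
 obj-$(CONFIG_INTEGRITY_ASYMMETRIC_KEYS) += digsig_asymmetric.o
 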
-12
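--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -38,18 +38,6 @@
 that IMA uses to maintain the integrity aggregate of the
 measurement list. If unsure, use the default 10.
 
-config IMA_AUDIT
-bool "Enables auditing support"
-depends on IMA
-depends on AUDIT
-default y
-help
-This option adds a kernel parameter 'ima_audit', which
-allows informational auditing messages to be enabled
-at boot. If this option is selected, informational integrity
-auditing messages can be enabled with 'ima_audit=1' on
-the kernel command line.
-
 config IMA_LSM_RULES
 bool
 depends on IMA && AUDIT && (SECURITY_SELINUX || SECURITY_SMACK)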
-1
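--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -7,5 +7,4 @@
 
 ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
 ima_policy.o
-ima-$(CONFIG_IMA_AUDIT) += ima_audit.o
 ima-$(CONFIG_IMA_APPRAISE) += ima_appraise.o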
-14
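--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -62,20 +62,6 @@
 };
 extern struct list_head ima_measurements; /* list of all measurements */
 
-#ifdef CONFIG_IMA_AUDIT
-/* declarations */
-void integrity_audit_msg(int audit_msgno, struct inode *inode,
-const unsigned char *fname, const char *op,
-const char *cause, int result, int info);
-#else
-static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
-const unsigned char *fname,
-const char *op, const char *cause,
-int result, int info)
-{
-}
-#endif
-
 /* Internal IMA function definitions */
 int ima_init(void);
 void ima_cleanup(void);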
+6 -6
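--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -13,20 +13,20 @@
 #include <linux/fs.h>
 #include <linux/gfp.h>
 #include <linux/audit.h>
-#include "ima.h"
+#include "integrity.h"
 
-static int ima_audit;
+static int integrity_audit_info;
 
 /* ima_audit_setup - enable informational auditing messages */
-static int __init ima_audit_setup(char *str)
+static int __init integrity_audit_setup(char *str)
 {
 unsigned long audit;
 
 if (!strict_strtoul(str, 0, &audit))
-ima_audit = audit ? 1 : 0;
+integrity_audit_info = audit ? 1 : 0;
 return 1;
 }
-__setup("ima_audit=", ima_audit_setup);
+__setup("integrity_audit=", integrity_audit_setup);
 
 void integrity_audit_msg(int audit_msgno, struct inode *inode,
 const unsigned char *fname, const char *op,
@@ -34,7 +34,7 @@
 {
 struct audit_buffer *ab;
 
-if (!ima_audit && audit_info == 1) /* Skip informational messages */
+if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
 return;
 
 ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);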
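Review bot: The `__setup("integrity_audit=", integrity_audit_setup)` line replaces the `ima_audit=` handler outright, so a command line that still passes `ima_audit=1` would leave `integrity_audit_info` at 0 and the informational records would stop appearing with no warning at boot. If the old name has users, keep it as a deprecated alias, for example `__setup_param("ima_audit=", ima_audit_compat, integrity_audit_setup, 0);` (a second plain `__setup()` on the same function would collide on the generated symbol names). The comment above the handler still names `ima_audit_setup` and should read `/* integrity_audit_setup - enable informational auditing messages */`. The body of integrity_audit_msg() continues outside the hunks shown.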
+14
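--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -113,5 +113,19 @@
 }
 #endif
 
+#ifdef CONFIG_INTEGRITY_AUDIT
+/* declarations */
+void integrity_audit_msg(int audit_msgno, struct inode *inode,
+const unsigned char *fname, const char *op,
+const char *cause, int result, int info);
+#else
+static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
+const unsigned char *fname,
+const char *op, const char *cause,
+int result, int info)
+{
+}
+#endif
+
 /* set during initialization */
 extern int iint_initialized;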
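Review bot: The prototype and the stub name the last parameter `info`, while the definition in integrity_audit.c tests `audit_info == 1`; the header should use the same name, `const char *cause, int result, int audit_info);`. The `/* declarations */` comment tells a caller nothing about that argument. A short comment stating that a value of 1 marks a message as informational, emitted only when `integrity_audit=1` was given at boot, would document the contract where callers see it. It would also help to note there that the stub used when CONFIG_INTEGRITY_AUDIT is unset discards every message.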