8eb988c70e
The "Untangling ima mess, part 2 with counters" patch messed up the counters. Based on conversations with Al Viro, this patch streamlines ima_path_check() by removing the counter maintaince. The counters are now updated independently, from measuring the file, in __dentry_open() and alloc_file() by calling ima_counts_get(). ima_path_check() is called from nfsd and do_filp_open(). It also did not measure all files that should have been measured. Reason: ima_path_check() got bogus value passed as mask. [AV: mea culpa] [AV: add missing nfsd bits] Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
63 lines
1.3 KiB
C
63 lines
1.3 KiB
C
/*
|
|
* Copyright (C) 2008 IBM Corporation
|
|
* Author: Mimi Zohar <zohar@us.ibm.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, version 2 of the License.
|
|
*/
|
|
|
|
#ifndef _LINUX_IMA_H
|
|
#define _LINUX_IMA_H
|
|
|
|
#include <linux/fs.h>
|
|
struct linux_binprm;
|
|
|
|
#ifdef CONFIG_IMA
|
|
extern int ima_bprm_check(struct linux_binprm *bprm);
|
|
extern int ima_inode_alloc(struct inode *inode);
|
|
extern void ima_inode_free(struct inode *inode);
|
|
extern int ima_path_check(struct file *file, int mask);
|
|
extern void ima_file_free(struct file *file);
|
|
extern int ima_file_mmap(struct file *file, unsigned long prot);
|
|
extern void ima_counts_get(struct file *file);
|
|
|
|
#else
|
|
static inline int ima_bprm_check(struct linux_binprm *bprm)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline int ima_inode_alloc(struct inode *inode)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void ima_inode_free(struct inode *inode)
|
|
{
|
|
return;
|
|
}
|
|
|
|
static inline int ima_path_check(struct file *file, int mask)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void ima_file_free(struct file *file)
|
|
{
|
|
return;
|
|
}
|
|
|
|
static inline int ima_file_mmap(struct file *file, unsigned long prot)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
static inline void ima_counts_get(struct file *file)
|
|
{
|
|
return;
|
|
}
|
|
|
|
#endif /* CONFIG_IMA_H */
|
|
#endif /* _LINUX_IMA_H */
|