Commit 2b2cac53 authored by Gu Bowen's avatar Gu Bowen

IMA support script execution check

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IAZ996
CVE: NA

Reference: https://lore.kernel.org/linux-integrity/9e3df65c2bf060b5833558e9f8d82dcd2fe9325a.camel@huaweicloud.com/



----------------------------------------------------------------------

Add a new security function ima_bprm_creds_for_exec() so that IMA can
measure and appraise indirect script calls. If the script exec check is
enabled, it calls ima_bprm_check() through
security_bprm_creds_for_exec().

Signed-off-by: default avatarHuaxin Lu <luhuaxin1@huawei.com>
Signed-off-by: default avatarGu Bowen <gubowen5@huawei.com>
parent 539671b1
+6 −0
@@ -15,6 +15,7 @@ struct linux_binprm;

#ifdef CONFIG_IMA
extern int ima_bprm_check(struct linux_binprm *bprm);
extern int ima_bprm_creds_for_exec(struct linux_binprm *bprm);
extern int ima_file_check(struct file *file, int mask);
extern void ima_post_create_tmpfile(struct inode *inode);
extern void ima_file_free(struct file *file);
@@ -57,6 +58,11 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
	return 0;
}

static inline int ima_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	return 0;
}

static inline int ima_file_check(struct file *file, int mask)
{
	return 0;
+11 −0
@@ -597,6 +597,17 @@ int ima_bprm_check(struct linux_binprm *bprm)
				   MAY_EXEC, CREDS_CHECK);
}

/**
 * ima_bprm_creds_for_exec - ima support exec check.
 */
int ima_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	if (!bprm->is_check)
		return 0;

	return ima_bprm_check(bprm);
}

/**
 * ima_path_check - based on policy, collect/store measurement.
 * @file: pointer to the file to be measured
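Review bot: The kernel-doc on ima_bprm_creds_for_exec() stops at a one-line title and documents neither @bprm, the `bprm->is_check` gate, nor the return value, so a reader cannot tell from the comment why the function is a no-op for ordinary execs. I would add `@bprm: contains the linux_binprm structure` and a sentence stating that measurement and appraisal happen only when `bprm->is_check` is set, with the result of ima_bprm_check() returned unchanged (0 on success, otherwise whatever that function reports; its body is outside the hunk, so I cannot confirm the error values here). A short why-comment above the early return, such as `/* Only the indirect script check path; regular execs are already covered by ima_bprm_check() */`, would make the intent explicit, and the claim about regular execs should be checked against security_bprm_check() in security.c.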
+6 −1
@@ -859,7 +859,12 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 */
int security_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	return call_int_hook(bprm_creds_for_exec, 0, bprm);
	int ret;

	ret = call_int_hook(bprm_creds_for_exec, 0, bprm);
	if (ret)
		return ret;
	return ima_bprm_creds_for_exec(bprm);
}

int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file)
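Review bot: The kernel-doc block ending at the ` */` line just above security_bprm_creds_for_exec() starts outside the hunk and is not updated, so it still describes only the LSM hook call and says nothing about the IMA step now appended at the end of the function. I would add a sentence noting that ima_bprm_creds_for_exec() is consulted only after every LSM hook returned 0 and that its result is returned directly to the caller. A one-line comment on the new call, `/* IMA is consulted last, after all LSM hooks have passed */`, keeps the ordering explicit; as far as I can tell this mirrors how security_bprm_check() chains ima_bprm_check(), though that function is not in view here.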