ima: Define new template field imode (f8216f6b) · Commits · EulixOS / Software / Kernel

Documentation/security/IMA-templates.rst

+1 −0

Original line number	Diff line number	Diff line
		@@ -77,6 +77,7 @@ descriptors by adding their identifier to the format string
		- 'evmsig': the EVM portable signature;
		- 'iuid': the inode UID;
		- 'igid': the inode GID;
		- 'imode': the inode mode;


		Below, there is the list of defined template descriptors:

+2 −0

Original line number	Diff line number	Diff line
		@@ -51,6 +51,8 @@ static const struct ima_template_field supported_fields[] = {
		.field_show = ima_show_template_uint},
		{.field_id = "igid", .field_init = ima_eventinodegid_init,
		.field_show = ima_show_template_uint},
		{.field_id = "imode", .field_init = ima_eventinodemode_init,
		.field_show = ima_show_template_uint},
		};

		/*

+22 −0

Original line number	Diff line number	Diff line
		@@ -596,3 +596,25 @@ int ima_eventinodegid_init(struct ima_event_data *event_data,
		{
		return ima_eventinodedac_init_common(event_data, field_data, false);
		}

		/*
		* ima_eventinodemode_init - include the inode mode as part of the template
		* data
		*/
		int ima_eventinodemode_init(struct ima_event_data *event_data,
		struct ima_field_data *field_data)
		{
		struct inode *inode;
		umode_t mode;

		if (!event_data->file)
		return 0;

		inode = file_inode(event_data->file);
		mode = inode->i_mode;
		if (ima_canonical_fmt)
		mode = cpu_to_le16(mode);

		return ima_write_template_field_data((char *)&mode, sizeof(mode),
		DATA_FMT_UINT, field_data);
		}

+2 −0

Original line number	Diff line number	Diff line
		@@ -54,4 +54,6 @@ int ima_eventinodeuid_init(struct ima_event_data *event_data,
		struct ima_field_data *field_data);
		int ima_eventinodegid_init(struct ima_event_data *event_data,
		struct ima_field_data *field_data);
		int ima_eventinodemode_init(struct ima_event_data *event_data,
		struct ima_field_data *field_data);
		#endif /* __LINUX_IMA_TEMPLATE_LIB_H */