ima: rename FILE_MMAP to MMAP_CHECK
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 13 Dec 2012 16:15:04 +0000 (11:15 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 16 Jan 2013 22:49:59 +0000 (17:49 -0500)
Rename FILE_MMAP hook to MMAP_CHECK to be consistent with the other
hook names.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Documentation/ABI/testing/ima_policy
security/integrity/ima/ima.h
security/integrity/ima/ima_api.c
security/integrity/ima/ima_main.c
security/integrity/ima/ima_policy.c

index ec0a38ef3145e30a90ace37c391d0eba33c81bc7..6a0fc808fb6df95db6b5b9bce276fc7b43acecb7 100644 (file)
@@ -23,7 +23,7 @@ Description:
                        lsm:    [[subj_user=] [subj_role=] [subj_type=]
                                 [obj_user=] [obj_role=] [obj_type=]]
 
-               base:   func:= [BPRM_CHECK][FILE_MMAP][FILE_CHECK][MODULE_CHECK]
+               base:   func:= [BPRM_CHECK][MMAP_CHECK][FILE_CHECK][MODULE_CHECK]
                        mask:= [MAY_READ] [MAY_WRITE] [MAY_APPEND] [MAY_EXEC]
                        fsmagic:= hex value
                        uid:= decimal value
index 3b2adb794f15506311a52b2ec5442297907ee8e2..1385c5c172f7c3ac66adc7109d6c0bc24301ff9c 100644 (file)
@@ -127,7 +127,7 @@ struct integrity_iint_cache *integrity_iint_insert(struct inode *inode);
 struct integrity_iint_cache *integrity_iint_find(struct inode *inode);
 
 /* IMA policy related functions */
-enum ima_hooks { FILE_CHECK = 1, FILE_MMAP, BPRM_CHECK, MODULE_CHECK, POST_SETATTR };
+enum ima_hooks { FILE_CHECK = 1, MMAP_CHECK, BPRM_CHECK, MODULE_CHECK, POST_SETATTR };
 
 int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
                     int flags);
index 0cea3db216576520373a40c4d2df6ac8b1450257..fc722b44c4164b056cc0ed4b5a1c941ac1d69680 100644 (file)
@@ -100,12 +100,12 @@ err_out:
  * ima_get_action - appraise & measure decision based on policy.
  * @inode: pointer to inode to measure
  * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
- * @function: calling function (FILE_CHECK, BPRM_CHECK, FILE_MMAP, MODULE_CHECK)
+ * @function: calling function (FILE_CHECK, BPRM_CHECK, MMAP_CHECK, MODULE_CHECK)
  *
  * The policy is defined in terms of keypairs:
  *             subj=, obj=, type=, func=, mask=, fsmagic=
  *     subj,obj, and type: are LSM specific.
- *     func: FILE_CHECK | BPRM_CHECK | FILE_MMAP | MODULE_CHECK
+ *     func: FILE_CHECK | BPRM_CHECK | MMAP_CHECK | MODULE_CHECK
  *     mask: contains the permission mask
  *     fsmagic: hex value
  *
index 1cd4eb2c3b90725445dabccdeb944dbffdb8d161..970693d1a320fee9a3069a11b151327c69ff2b9d 100644 (file)
@@ -228,7 +228,7 @@ int ima_file_mmap(struct file *file, unsigned long prot)
 {
        if (file && (prot & PROT_EXEC))
                return process_measurement(file, file->f_dentry->d_name.name,
-                                          MAY_EXEC, FILE_MMAP);
+                                          MAY_EXEC, MMAP_CHECK);
        return 0;
 }
 
index 70f888de880de0dab9d5f9a58438ee94afb4dbef..95194539d75e82f793724800fb977351192702c1 100644 (file)
@@ -75,7 +75,7 @@ static struct ima_rule_entry default_rules[] = {
        {.action = DONT_MEASURE,.fsmagic = BINFMTFS_MAGIC,.flags = IMA_FSMAGIC},
        {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
        {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
-       {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
+       {.action = MEASURE,.func = MMAP_CHECK,.mask = MAY_EXEC,
         .flags = IMA_FUNC | IMA_MASK},
        {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
         .flags = IMA_FUNC | IMA_MASK},
@@ -448,8 +448,9 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
                                entry->func = FILE_CHECK;
                        else if (strcmp(args[0].from, "MODULE_CHECK") == 0)
                                entry->func = MODULE_CHECK;
-                       else if (strcmp(args[0].from, "FILE_MMAP") == 0)
-                               entry->func = FILE_MMAP;
+                       else if ((strcmp(args[0].from, "FILE_MMAP") == 0)
+                               || (strcmp(args[0].from, "MMAP_CHECK") == 0))
+                               entry->func = MMAP_CHECK;
                        else if (strcmp(args[0].from, "BPRM_CHECK") == 0)
                                entry->func = BPRM_CHECK;
                        else