ima: refactor ima_policy_show() to display "ima_hooks" rules
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 28 Jan 2016 18:10:36 +0000 (13:10 -0500)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 18 Feb 2016 22:13:56 +0000 (17:13 -0500)
Define and call a function to display the "ima_hooks" rules.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: Petko Manolov <petkan@mip-labs.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
security/integrity/ima/ima_policy.c

index e0e18cc5930a8f5298a4c98d97491fad2e4f8622..43b642557d6c5ca407d6f298621adb2e118ea847 100644 (file)
@@ -903,6 +903,40 @@ void ima_policy_stop(struct seq_file *m, void *v)
 #define mt(token)      mask_tokens[token]
 #define ft(token)      func_tokens[token]
 
+/*
+ * policy_func_show - display the ima_hooks policy rule
+ */
+static void policy_func_show(struct seq_file *m, enum ima_hooks func)
+{
+       char tbuf[64] = {0,};
+
+       switch (func) {
+       case FILE_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_file));
+               break;
+       case MMAP_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_mmap));
+               break;
+       case BPRM_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_bprm));
+               break;
+       case MODULE_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_module));
+               break;
+       case FIRMWARE_CHECK:
+               seq_printf(m, pt(Opt_func), ft(func_firmware));
+               break;
+       case POST_SETATTR:
+               seq_printf(m, pt(Opt_func), ft(func_post));
+               break;
+       default:
+               snprintf(tbuf, sizeof(tbuf), "%d", func);
+               seq_printf(m, pt(Opt_func), tbuf);
+               break;
+       }
+       seq_puts(m, " ");
+}
+
 int ima_policy_show(struct seq_file *m, void *v)
 {
        struct ima_rule_entry *entry = v;
@@ -924,33 +958,8 @@ int ima_policy_show(struct seq_file *m, void *v)
 
        seq_puts(m, " ");
 
-       if (entry->flags & IMA_FUNC) {
-               switch (entry->func) {
-               case FILE_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_file));
-                       break;
-               case MMAP_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_mmap));
-                       break;
-               case BPRM_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_bprm));
-                       break;
-               case MODULE_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_module));
-                       break;
-               case FIRMWARE_CHECK:
-                       seq_printf(m, pt(Opt_func), ft(func_firmware));
-                       break;
-               case POST_SETATTR:
-                       seq_printf(m, pt(Opt_func), ft(func_post));
-                       break;
-               default:
-                       snprintf(tbuf, sizeof(tbuf), "%d", entry->func);
-                       seq_printf(m, pt(Opt_func), tbuf);
-                       break;
-               }
-               seq_puts(m, " ");
-       }
+       if (entry->flags & IMA_FUNC)
+               policy_func_show(m, entry->func);
 
        if (entry->flags & IMA_MASK) {
                if (entry->mask & MAY_EXEC)