ima: do not send field length to userspace for digest of ima template
This patch defines a new value for the 'ima_show_type' enumerator (IMA_SHOW_BINARY_NO_FIELD_LEN) to prevent the field length from being transmitted through the 'binary_runtime_measurements' interface for the digest field of the 'ima' template. Fixes commit: 3ce1217 ima: define template fields library and new helpers Signed-off-by: Roberto Sassu <roberto.sassu@polito.it> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Родитель
b6f8f16f41
Коммит
3e8e5503a3
|
@ -26,7 +26,8 @@
|
|||
|
||||
#include "../integrity.h"
|
||||
|
||||
enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_ASCII };
|
||||
enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN,
|
||||
IMA_SHOW_ASCII };
|
||||
enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
|
||||
|
||||
/* digest size for IMA, fits SHA1 or MD5 */
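Review bot: The new enumerator IMA_SHOW_BINARY_NO_FIELD_LEN is added without a comment saying what it suppresses or which fields may use it, so a reader of the header cannot tell why two binary modes exist. A one-line comment beside the enum, `/* IMA_SHOW_BINARY_NO_FIELD_LEN: binary output without the u32 length prefix; only valid for fixed-size fields (the 'ima' template digest) */`, would record the contract that consumers of binary_runtime_measurements depend on.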
|
||||
|
|
|
@ -120,6 +120,7 @@ static int ima_measurements_show(struct seq_file *m, void *v)
|
|||
struct ima_template_entry *e;
|
||||
int namelen;
|
||||
u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
|
||||
bool is_ima_template = false;
|
||||
int i;
|
||||
|
||||
/* get entry */
|
||||
|
@ -145,14 +146,21 @@ static int ima_measurements_show(struct seq_file *m, void *v)
|
|||
ima_putc(m, e->template_desc->name, namelen);
|
||||
|
||||
/* 5th: template length (except for 'ima' template) */
|
||||
if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0)
|
||||
if (strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0)
|
||||
is_ima_template = true;
|
||||
|
||||
if (!is_ima_template)
|
||||
ima_putc(m, &e->template_data_len,
|
||||
sizeof(e->template_data_len));
|
||||
|
||||
/* 6th: template specific data */
|
||||
for (i = 0; i < e->template_desc->num_fields; i++) {
|
||||
e->template_desc->fields[i]->field_show(m, IMA_SHOW_BINARY,
|
||||
&e->template_data[i]);
|
||||
enum ima_show_type show = IMA_SHOW_BINARY;
|
||||
struct ima_template_field *field = e->template_desc->fields[i];
|
||||
|
||||
if (is_ima_template && strcmp(field->field_id, "d") == 0)
|
||||
show = IMA_SHOW_BINARY_NO_FIELD_LEN;
|
||||
field->field_show(m, show, &e->template_data[i]);
|
||||
}
|
||||
return 0;
|
||||
}
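Review bot: The "d" field of the 'ima' template is switched to IMA_SHOW_BINARY_NO_FIELD_LEN with no comment, so the reason — userspace parsers of the legacy 'ima' format expect a fixed-size digest with no length prefix — lives only in the commit message. A comment above the new `if`, `/* legacy 'ima' template: digest is fixed-size, userspace expects no length prefix */`, keeps that rationale next to the code. The flag can also be set in one statement, `is_ima_template = strcmp(e->template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0;`, instead of the two-line conditional. ima_measurements_show begins before this hunk.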
|
||||
|
|
|
@ -109,9 +109,12 @@ static void ima_show_template_data_binary(struct seq_file *m,
|
|||
enum data_formats datafmt,
|
||||
struct ima_field_data *field_data)
|
||||
{
|
||||
ima_putc(m, &field_data->len, sizeof(u32));
|
||||
if (show != IMA_SHOW_BINARY_NO_FIELD_LEN)
|
||||
ima_putc(m, &field_data->len, sizeof(u32));
|
||||
|
||||
if (!field_data->len)
|
||||
return;
|
||||
|
||||
ima_putc(m, field_data->data, field_data->len);
|
||||
}
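Review bot: With show == IMA_SHOW_BINARY_NO_FIELD_LEN and field_data->len == 0 the function now emits nothing at all, so a consumer that expects a fixed-size field has no way to detect the missing bytes; the early return on `!field_data->len` was written for the length-prefixed case where an empty field is still announced by its length. Whether a zero-length digest can reach this path is not visible here, but the assumption should be stated above the new check, e.g. `/* IMA_SHOW_BINARY_NO_FIELD_LEN: caller guarantees a fixed-size field, so no length prefix is written */`. The function's signature, including the show parameter, starts outside this hunk.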
|
||||
|
||||
|
@ -125,6 +128,7 @@ static void ima_show_template_field_data(struct seq_file *m,
|
|||
ima_show_template_data_ascii(m, show, datafmt, field_data);
|
||||
break;
|
||||
case IMA_SHOW_BINARY:
|
||||
case IMA_SHOW_BINARY_NO_FIELD_LEN:
|
||||
ima_show_template_data_binary(m, show, datafmt, field_data);
|
||||
break;
|
||||
default:
|
||||
|
|