[PATCH 3/5] integrity: update the file measurement on write
Janne Karhunen
janne.karhunen at gmail.com
Mon May 13 12:53:52 UTC 2019
When a file is being written, mark the file for IMA for delayed
re-measurement.
Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")'
Signed-off-by: Janne Karhunen <janne.karhunen at gmail.com>
Signed-off-by: Konsta Karsisto <konsta.karsisto at gmail.com>
---
fs/read_write.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fs/read_write.c b/fs/read_write.c
index 177ccc3d405a..bfe10d6dc135 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -20,6 +20,7 @@
#include <linux/compat.h>
#include <linux/mount.h>
#include <linux/fs.h>
+#include <linux/ima.h>
#include "internal.h"
#include <linux/uaccess.h>
@@ -481,12 +482,18 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t
static ssize_t __vfs_write(struct file *file, const char __user *p,
size_t count, loff_t *pos)
{
+ ssize_t sz;
+
if (file->f_op->write)
- return file->f_op->write(file, p, count, pos);
+ sz = file->f_op->write(file, p, count, pos);
else if (file->f_op->write_iter)
- return new_sync_write(file, p, count, pos);
+ sz = new_sync_write(file, p, count, pos);
else
return -EINVAL;
+
+ if (sz >= 1)
+ ima_delayed_update(file);
+ return sz;
}
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
--
2.17.1
More information about the Linux-security-module-archive
mailing list