Re: [Linux-ima-user] Measurement list and path of measured files

[Jordi C. J. <jor...@sc...>]

Mimi,

I have seen the if clause you added. In which case "get_d_path()" would 
return null?


Regards,
Jordi.




On 06/18/2012 08:58 PM, Mimi Zohar wrote:
> On Mon, 2012-06-18 at 08:40 -0700, Peter Moody wrote:
>> On Mon, Jun 18, 2012 at 5:05 AM, Mimi Zohar<zo...@li...>  wrote:
>>
>>> Thanks Dmitry.  Both this version and Peter Moody's post, which uses the
>>> existing upstream audit_log_d_path() and d_path(), use the full pathname
>>> only for auditing purposes.
>> I haven't seen any response from Al, has there been any answer offlist
>> that you know of?
> No.  Let's assume, unless we hear differently, it is ok.  I was thinking
> something like the following, where get_d_path() is similar to
> audit_log_d_path().
>
> @@ -170,12 +192,17 @@ static int process_measurement(struct file *file, const un
>          rc = ima_collect_measurement(iint, file);
>          if (rc != 0)
>                  goto out;
> +
> +       pathname = get_d_path(&file->f_path,&buffer, GFP_KERNEL);
>          if (action&  IMA_MEASURE)
> -               ima_store_measurement(iint, file, filename);
> +               ima_store_measurement(iint, file,
> +                                     !pathname ? filename: pathname);
>          if (action&  IMA_APPRAISE)
> -               rc = ima_appraise_measurement(iint, file, filename);
> +               rc = ima_appraise_measurement(iint, file,
> +                                     !pathname ? filename: pathname);
>          if (action&  IMA_AUDIT)
> -               ima_audit_measurement(iint, filename);
> +               ima_audit_measurement(iint, !pathname ? filename: pathname);
> +       kfree(buffer);
>   out:
>          mutex_unlock(&inode->i_mutex);
>          return (rc&&  must_appraise) ? -EACCES : 0;
>
> thanks,
>
> Mimi
>


-- 
Jordi Cucurull Juan
Researcher
Scytl Secure Electronic Voting
Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
jor...@sc...
http://www.scytl.com

NOTICE: The information in this e-mail and in any of its attachments is confidential and intended solely for the attention and use of the named addressee(s). If you are not the intended recipient, any disclosure, copying, distribution or retaining of this message or any part of it, without the prior written consent of Scytl Secure Electronic Voting, SA is prohibited and may be unlawful. If you have received this in error, please contact the sender and delete the material from any computer.

Your data are in a file owned by Scytl Secure Electronic Voting, S.A. You can exercice your rights of access, rectification, cancellation and opposition by contacting Scytl Secure Electronic Voting, S.A. at the following address: Gal·la Placídia, 1-3. 1st, 08006 Barcelona (Spain), according to the Organic Law 15/1999, of 13th December of Protection of Personal Data.