return rc;
}
+static void ima_update_counts(struct ima_iint_cache *iint, int mask)
+{
+ iint->opencount++;
+ if ((mask & MAY_WRITE) || (mask == 0))
+ iint->writecount++;
+ else if (mask & (MAY_READ | MAY_EXEC))
+ iint->readcount++;
+}
+
/**
* ima_path_check - based on policy, collect/store measurement.
* @path: contains a pointer to the path to be measured
* - Opening a file for read when already open for write,
* could result in a file measurement error.
*
- * Return 0 on success, an error code on failure.
- * (Based on the results of appraise_measurement().)
+ * Always return 0 and audit dentry_open failures.
+ * (Return code will be based upon measurement appraisal.)
*/
-int ima_path_check(struct path *path, int mask)
+int ima_path_check(struct path *path, int mask, int update_counts)
{
struct inode *inode = path->dentry->d_inode;
struct ima_iint_cache *iint;
return 0;
mutex_lock(&iint->mutex);
- iint->opencount++;
- if ((mask & MAY_WRITE) || (mask == 0))
- iint->writecount++;
- else if (mask & (MAY_READ | MAY_EXEC))
- iint->readcount++;
+ if (update_counts)
+ ima_update_counts(iint, mask);
rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK);
if (rc < 0)
struct dentry *dentry = dget(path->dentry);
struct vfsmount *mnt = mntget(path->mnt);
- file = dentry_open(dentry, mnt, O_RDONLY, current_cred());
+ file = dentry_open(dentry, mnt, O_RDONLY | O_LARGEFILE,
+ current_cred());
if (IS_ERR(file)) {
- pr_info("%s dentry_open failed\n", dentry->d_name.name);
- rc = PTR_ERR(file);
+ int audit_info = 0;
+
+ integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode,
+ dentry->d_name.name,
+ "add_measurement",
+ "dentry_open failed",
+ 1, audit_info);
file = NULL;
goto out;
}
kref_put(&iint->refcount, iint_free);
return 0;
}
+EXPORT_SYMBOL_GPL(ima_path_check);
static int process_measurement(struct file *file, const unsigned char *filename,
int mask, int function)
return rc;
}
-static void opencount_get(struct file *file)
+/*
+ * ima_counts_put - decrement file counts
+ *
+ * File counts are incremented in ima_path_check. On file open
+ * error, such as ETXTBSY, decrement the counts to prevent
+ * unnecessary imbalance messages.
+ */
+void ima_counts_put(struct path *path, int mask)
+{
+ struct inode *inode = path->dentry->d_inode;
+ struct ima_iint_cache *iint;
+
+ if (!ima_initialized || !S_ISREG(inode->i_mode))
+ return;
+ iint = ima_iint_find_insert_get(inode);
+ if (!iint)
+ return;
+
+ mutex_lock(&iint->mutex);
+ iint->opencount--;
+ if ((mask & MAY_WRITE) || (mask == 0))
+ iint->writecount--;
+ else if (mask & (MAY_READ | MAY_EXEC))
+ iint->readcount--;
+ mutex_unlock(&iint->mutex);
+}
+
+/*
+ * ima_counts_get - increment file counts
+ *
+ * - for IPC shm and shmat file.
+ * - for nfsd exported files.
+ *
+ * Increment the counts for these files to prevent unnecessary
+ * imbalance messages.
+ */
+void ima_counts_get(struct file *file)
{
struct inode *inode = file->f_dentry->d_inode;
struct ima_iint_cache *iint;
return;
mutex_lock(&iint->mutex);
iint->opencount++;
+ if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
+ iint->readcount++;
+
+ if (file->f_mode & FMODE_WRITE)
+ iint->writecount++;
mutex_unlock(&iint->mutex);
}
+EXPORT_SYMBOL_GPL(ima_counts_get);
/**
* ima_file_mmap - based on policy, collect/store measurement.
return 0;
}
-/*
- * ima_shm_check - IPC shm and shmat create/fput a file
- *
- * Maintain the opencount for these files to prevent unnecessary
- * imbalance messages.
- */
-void ima_shm_check(struct file *file)
-{
- opencount_get(file);
- return;
-}
-
/**
* ima_bprm_check - based on policy, collect/store measurement.
* @bprm: contains the linux_binprm structure