Merge branch 'master' of git://1984.lsi.us.es/nf

author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-02-21 17:07:14 +0100
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-02-21 17:07:14 +0100
commit: e29371d762df5bb35d2bc434ea266a046e5a0a75 (patch)
tree: dac4a8db52d92453415f35606130a49e9f32e4ef /security/integrity/ima/ima_main.c
parent: 17b14ca25e9cd6c5cd7605941f6120e405a84f8b (diff)
parent: 894e2ac82bd0029adce7ad6c8d25501fdd82c994 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 73c9a268253..dba965de90d 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -280,6 +280,31 @@ int ima_file_check(struct file *file, int mask)
 }
 EXPORT_SYMBOL_GPL(ima_file_check);
 
+/**
+ * ima_module_check - based on policy, collect/store/appraise measurement.
+ * @file: pointer to the file to be measured/appraised
+ *
+ * Measure/appraise kernel modules based on policy.
+ *
+ * Always return 0 and audit dentry_open failures.
+ * Return code is based upon measurement appraisal.
+ */
+int ima_module_check(struct file *file)
+{
+	int rc = 0;
+
+	if (!file) {
+		if (ima_appraise & IMA_APPRAISE_MODULES) {
+#ifndef CONFIG_MODULE_SIG_FORCE
+			rc = -EACCES;	/* INTEGRITY_UNKNOWN */
+#endif
+		}
+	} else
+		rc = process_measurement(file, file->f_dentry->d_name.name,
+					 MAY_EXEC, MODULE_CHECK);
+	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
+}
+
 static int __init init_ima(void)
 {
 	int error;
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-02-21 17:07:14 +0100
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-02-21 17:07:14 +0100
commit	e29371d762df5bb35d2bc434ea266a046e5a0a75 (patch)
tree	dac4a8db52d92453415f35606130a49e9f32e4ef /security/integrity/ima/ima_main.c
parent	17b14ca25e9cd6c5cd7605941f6120e405a84f8b (diff)
parent	894e2ac82bd0029adce7ad6c8d25501fdd82c994 (diff)