ima: Add ima_show_template_uint() template library function

This patch introduces the new function ima_show_template_uint(). This can
be used for showing integers of different sizes in ASCII format. The
function ima_show_template_data_ascii() automatically determines how to
print a stored integer by checking the integer size.

If integers have been written in canonical format,
ima_show_template_data_ascii() calls the appropriate leXX_to_cpu() function
to correctly display the value.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 4314d9a3514c18a1775b570ff07e34749b831485..f23296c33da14262da7ec977da8a741a976deda6 100644 (file)
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -24,7 +24,8 @@ enum data_formats {
        DATA_FMT_DIGEST = 0,
        DATA_FMT_DIGEST_WITH_ALGO,
        DATA_FMT_STRING,
-       DATA_FMT_HEX
+       DATA_FMT_HEX,
+       DATA_FMT_UINT
 };
 
 static int ima_write_template_field_data(const void *data, const u32 datalen,
@@ -88,6 +89,35 @@ static void ima_show_template_data_ascii(struct seq_file *m,
        case DATA_FMT_STRING:
                seq_printf(m, "%s", buf_ptr);
                break;
+       case DATA_FMT_UINT:
+               switch (field_data->len) {
+               case sizeof(u8):
+                       seq_printf(m, "%u", *(u8 *)buf_ptr);
+                       break;
+               case sizeof(u16):
+                       if (ima_canonical_fmt)
+                               seq_printf(m, "%u",
+                                          le16_to_cpu(*(u16 *)buf_ptr));
+                       else
+                               seq_printf(m, "%u", *(u16 *)buf_ptr);
+                       break;
+               case sizeof(u32):
+                       if (ima_canonical_fmt)
+                               seq_printf(m, "%u",
+                                          le32_to_cpu(*(u32 *)buf_ptr));
+                       else
+                               seq_printf(m, "%u", *(u32 *)buf_ptr);
+                       break;
+               case sizeof(u64):
+                       if (ima_canonical_fmt)
+                               seq_printf(m, "%llu",
+                                          le64_to_cpu(*(u64 *)buf_ptr));
+                       else
+                               seq_printf(m, "%llu", *(u64 *)buf_ptr);
+                       break;
+               default:
+                       break;
+               }
        default:
                break;
        }
@@ -163,6 +193,12 @@ void ima_show_template_buf(struct seq_file *m, enum ima_show_type show,
        ima_show_template_field_data(m, show, DATA_FMT_HEX, field_data);
 }
 
+void ima_show_template_uint(struct seq_file *m, enum ima_show_type show,
+                           struct ima_field_data *field_data)
+{
+       ima_show_template_field_data(m, show, DATA_FMT_UINT, field_data);
+}
+
 /**
  * ima_parse_buf() - Parses lengths and data from an input buffer
  * @bufstartp:       Buffer start address.

diff --git a/security/integrity/ima/ima_template_lib.h b/security/integrity/ima/ima_template_lib.h
index f4b2a2056d1d5ed2e876568b5a17af8cd48a8fa3..54b67c80b3155333719ebdf94d201656934180fa 100644 (file)
--- a/security/integrity/ima/ima_template_lib.h
+++ b/security/integrity/ima/ima_template_lib.h
@@ -27,6 +27,8 @@ void ima_show_template_sig(struct seq_file *m, enum ima_show_type show,
                           struct ima_field_data *field_data);
 void ima_show_template_buf(struct seq_file *m, enum ima_show_type show,
                           struct ima_field_data *field_data);
+void ima_show_template_uint(struct seq_file *m, enum ima_show_type show,
+                           struct ima_field_data *field_data);
 int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp,
                  int maxfields, struct ima_field_data *fields, int *curfields,
                  unsigned long *len_mask, int enforce_mask, char *bufname);