提交
67bc5cb7
编写于
5月 01, 2020
作者:
Roberto Sassu
Add option to set EVM xattr from generators
上级
e60a53ad
变更
3
Showing
3 changed file
with
59 addition
and
27 deletion
+59
-27
generators/compact.c
generators/compact.c
+17
-7
generators/rpm.c
generators/rpm.c
+25
-13
generators/unknown.c
generators/unknown.c
+17
-7
generators/compact.c
...
...
@@ -38,7 +38,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
struct
list_struct
*
list_file
,
enum
hash_algo
algo
,
enum
hash_algo
ima_algo
,
bool
tlv
,
bool
gen_list
,
bool
include_lsm_label
,
bool
root_cred
,
bool
set_ima_xattr
,
char
*
alt_root
,
char
*
caps
)
bool
set_evm_xattr
,
char
*
alt_root
,
char
*
caps
)
{
cap_t
c
;
u8
ima_xattr
[
2048
];
...
...
@@ -100,6 +100,12 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
return
ret
;
}
if
(
set_evm_xattr
)
{
ret
=
write_evm_xattr
(
path
,
algo
);
if
(
ret
<
0
)
return
ret
;
}
if
(
include_lsm_label
==
1
)
obj_label_len
=
getxattr
(
path
,
XATTR_NAME_SELINUX
,
NULL
,
0
);
...
...
@@ -163,7 +169,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
}
}
ret
=
evm_calc_hmac_or_hash
(
HASH_ALGO_SHA256
,
evm_digest
,
ret
=
evm_calc_hmac_or_hash
(
algo
,
evm_digest
,
obj_label_len
,
obj_label
,
ima_xattr_len
,
ima_xattr
,
caps_bin_len
,
caps_bin
,
...
...
@@ -251,7 +257,7 @@ int generator(int dirfd, int pos, struct list_head *head_in,
int
fts_flags
=
(
FTS_PHYSICAL
|
FTS_COMFOLLOW
|
FTS_NOCHDIR
|
FTS_XDEV
);
int
include_ima_digests
=
0
,
only_executables
=
0
,
set_ima_xattr
=
0
;
int
ret
=
0
,
fd
,
prefix_len
,
include_lsm_label
=
0
,
include_file
=
0
;
int
path_list_ext
=
0
;
int
path_list_ext
=
0
,
set_evm_xattr
=
0
;
int
use_path_list_filename
=
0
,
root_cred
=
0
,
include_path
=
0
,
i
;
list_for_each_entry
(
cur
,
head_in
,
list
)
{
...
...
@@ -282,8 +288,12 @@ int generator(int dirfd, int pos, struct list_head *head_in,
root_cred
=
1
;
if
(
cur
->
path
[
0
]
==
'F'
)
include_path
=
1
;
if
(
cur
->
path
[
0
]
==
'x'
)
set_ima_xattr
=
1
;
if
(
cur
->
path
[
0
]
==
'x'
)
{
if
(
!
strcmp
(
&
cur
->
path
[
2
],
"evm"
))
set_evm_xattr
=
1
;
else
set_ima_xattr
=
1
;
}
}
if
(
path_list
)
{
...
...
@@ -450,8 +460,8 @@ int generator(int dirfd, int pos, struct list_head *head_in,
list_file
,
algo
,
ima_algo
,
tlv
,
gen_list_path
!=
NULL
,
include_lsm_label
,
root_cred
,
set_ima_xattr
,
alt_root
,
cur
->
attrs
[
4
]);
set_ima_xattr
,
set_evm_xattr
,
alt_root
,
cur
->
attrs
[
4
]);
if
(
!
ret
)
unlink
=
false
;
if
(
ret
<
0
&&
ret
!=
-
ENOENT
&&
...
...
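Review bot: The new `x` branch in generator() calls strcmp() on `&cur->path[2]` unconditionally, so if an option string can be as short as a bare `x` (the removed line only tested `path[0]`, so that form was accepted before), `path[1]` is already the terminator and the comparison reads past the end of the string. Check that a value is present before comparing, e.g. `if (cur->path[1] != '\0' && !strcmp(&cur->path[2], "evm"))`, keeping the `else` as the IMA default; the separator expected at `path[1]` is not visible in the hunk. The same pattern is added in parse_options() in generators/rpm.c and in generator() in generators/unknown.c. generator() starts and ends outside the hunk.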
generators/rpm.c
...
...
@@ -63,7 +63,8 @@ static int add_file(int dirfd, char *filename, Header *hdr, u16 type,
struct
list_head
*
head_out
,
enum
hash_algo
algo
,
enum
hash_algo
ima_algo
,
bool
tlv
,
bool
include_ima_digests
,
bool
include_lsm_label
,
bool
only_executables
,
bool
include_path
,
bool
set_ima_xattr
,
char
*
alt_root
)
bool
include_path
,
bool
set_ima_xattr
,
int
set_evm_xattr
,
char
*
alt_root
)
{
const
char
*
ima_digest_str
,
*
filecaps_str
,
*
basename
,
*
dirname
;
enum
pgp_hash_algo
pgp_algo
;
...
...
@@ -191,6 +192,12 @@ static int add_file(int dirfd, char *filename, Header *hdr, u16 type,
if
(
ret
<
0
)
goto
out_close
;
if
(
set_evm_xattr
)
{
ret
=
write_evm_xattr
(
file_path
,
algo
);
if
(
ret
<
0
)
return
ret
;
}
if
(
include_lsm_label
)
{
ret
=
get_selinux_label
(
file_path
,
alt_root
,
&
obj_label
,
mode
);
...
...
@@ -217,7 +224,7 @@ static int add_file(int dirfd, char *filename, Header *hdr, u16 type,
rawvfscap_len
=
0
;
}
ret
=
evm_calc_hmac_or_hash
(
HASH_ALGO_SHA256
,
ret
=
evm_calc_hmac_or_hash
(
algo
,
evm_digest
,
obj_label_len
,
obj_label
,
ima_xattr_len
,
ima_xattr
,
rawvfscap_len
,
(
u8
*
)
&
rawvfscap
,
...
...
@@ -403,7 +410,7 @@ static int parse_options(struct list_head *head_in, bool tlv,
int
*
include_ima_digests
,
int
*
include_lsm_label
,
int
*
only_executables
,
int
*
include_path
,
char
**
output_format
,
char
**
package
,
int
*
set_ima_xattr
)
int
*
set_ima_xattr
,
int
*
set_evm_xattr
)
{
struct
path_struct
*
cur
;
...
...
@@ -425,8 +432,12 @@ static int parse_options(struct list_head *head_in, bool tlv,
*
output_format
=
&
cur
->
path
[
2
];
if
(
cur
->
path
[
0
]
==
'p'
)
*
package
=
&
cur
->
path
[
2
];
if
(
cur
->
path
[
0
]
==
'x'
)
*
set_ima_xattr
=
1
;
if
(
cur
->
path
[
0
]
==
'x'
)
{
if
(
!
strcmp
(
&
cur
->
path
[
2
],
"evm"
))
*
set_evm_xattr
=
1
;
else
*
set_ima_xattr
=
1
;
}
}
if
(
output_format
)
{
...
...
@@ -449,7 +460,7 @@ int db_generator(int dirfd, int pos, struct list_head *head_in,
Header
hdr
;
rpmdbMatchIterator
mi
;
LIST_HEAD
(
digest_list_head
);
int
include_ima_digests
=
0
,
include_lsm_label
=
0
;
int
include_ima_digests
=
0
,
include_lsm_label
=
0
,
set_evm_xattr
=
0
;
int
only_executables
=
0
,
include_path
=
0
,
set_ima_xattr
=
0
;
char
*
output_format
=
FORMAT
;
char
*
package
=
NULL
;
...
...
@@ -458,7 +469,7 @@ int db_generator(int dirfd, int pos, struct list_head *head_in,
ret
=
parse_options
(
head_in
,
tlv
,
&
include_ima_digests
,
&
include_lsm_label
,
&
only_executables
,
&
include_path
,
&
output_format
,
&
package
,
&
set_ima_xattr
);
&
set_ima_xattr
,
&
set_evm_xattr
);
if
(
ret
<
0
)
return
ret
;
...
...
@@ -504,7 +515,7 @@ int db_generator(int dirfd, int pos, struct list_head *head_in,
head_in
,
head_out
,
algo
,
ima_algo
,
tlv
,
include_ima_digests
,
include_lsm_label
,
only_executables
,
include_path
,
set_ima_xattr
,
alt_root
);
set_ima_xattr
,
set_evm_xattr
,
alt_root
);
else
ret
=
gen_rpm_digest_list
(
hdr
,
dirfd
,
filename
,
head_out
);
...
...
@@ -539,7 +550,7 @@ static int _pkg_generator(int dirfd, int pos, char *path,
bool
tlv
,
char
*
output_format
,
int
include_ima_digests
,
int
include_lsm_label
,
int
only_executables
,
int
include_path
,
int
set_ima_xattr
,
char
*
alt_root
)
int
set_ima_xattr
,
int
set_evm_xattr
,
char
*
alt_root
)
{
char
filename
[
NAME_MAX
+
1
];
Header
hdr
;
...
...
@@ -582,7 +593,7 @@ static int _pkg_generator(int dirfd, int pos, char *path,
head_in
,
head_out
,
algo
,
ima_algo
,
tlv
,
include_ima_digests
,
include_lsm_label
,
only_executables
,
include_path
,
set_ima_xattr
,
alt_root
);
set_evm_xattr
,
alt_root
);
else
ret
=
gen_rpm_digest_list
(
hdr
,
dirfd
,
filename
,
head_out
);
if
(
ret
<
0
&&
ret
!=
-
ENODATA
)
...
...
@@ -600,7 +611,7 @@ int pkg_generator(int dirfd, int pos, struct list_head *head_in,
bool
tlv
,
char
*
alt_root
)
{
struct
path_struct
*
cur
;
int
include_ima_digests
=
0
,
include_lsm_label
=
0
;
int
include_ima_digests
=
0
,
include_lsm_label
=
0
,
set_evm_xattr
=
0
;
int
only_executables
=
0
,
include_path
=
0
,
set_ima_xattr
=
0
;
char
*
output_format
=
FORMAT
;
char
*
package
=
NULL
;
...
...
@@ -618,7 +629,7 @@ int pkg_generator(int dirfd, int pos, struct list_head *head_in,
ret
=
parse_options
(
head_in
,
tlv
,
&
include_ima_digests
,
&
include_lsm_label
,
&
only_executables
,
&
include_path
,
&
output_format
,
&
package
,
&
set_ima_xattr
);
&
set_ima_xattr
,
&
set_evm_xattr
);
if
(
ret
<
0
)
return
ret
;
...
...
@@ -651,7 +662,8 @@ int pkg_generator(int dirfd, int pos, struct list_head *head_in,
type
,
modifiers
,
algo
,
ima_algo
,
tlv
,
output_format
,
include_ima_digests
,
include_lsm_label
,
only_executables
,
include_path
,
set_ima_xattr
,
alt_root
);
include_path
,
set_ima_xattr
,
set_evm_xattr
,
alt_root
);
if
(
ret
<
0
&&
ret
!=
-
ENOENT
&&
ret
!=
-
ENODATA
)
goto
out_fts_close
;
...
...
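Review bot: The new EVM block in add_file() bails out with `return ret;`, while the check immediately above it uses `goto out_close;`, so a write_evm_xattr() failure skips whatever `out_close` releases (from its name, presumably an open descriptor) and leaks it; the error path should be `goto out_close;` like its neighbour. In the same function's signature the new parameter is declared `int set_evm_xattr` next to `bool set_ima_xattr`, whereas generators/compact.c and generators/unknown.c declare both as `bool`; `bool set_evm_xattr` would keep the three add_file() variants consistent. add_file() starts and ends outside the hunk.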
generators/unknown.c
...
...
@@ -38,8 +38,8 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
struct
stat
*
st
,
struct
list_struct
*
list
,
struct
list_struct
*
list_file
,
enum
hash_algo
algo
,
enum
hash_algo
ima_algo
,
bool
tlv
,
bool
gen_list
,
bool
include_lsm_label
,
bool
root_cred
,
int
set_ima_xattr
,
char
*
alt_root
,
char
*
caps
)
bool
include_lsm_label
,
bool
root_cred
,
bool
set_ima_xattr
,
bool
set_evm_xattr
,
char
*
alt_root
,
char
*
caps
)
{
cap_t
c
;
struct
ima_digest
*
found_digest
;
...
...
@@ -92,6 +92,12 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
return
ret
;
}
if
(
set_evm_xattr
)
{
ret
=
write_evm_xattr
(
path
,
algo
);
if
(
ret
<
0
)
return
ret
;
}
if
(
include_lsm_label
)
obj_label_len
=
getxattr
(
path
,
XATTR_NAME_SELINUX
,
NULL
,
0
);
...
...
@@ -155,7 +161,7 @@ static int add_file(int dirfd, int fd, char *path, u16 type, u16 modifiers,
}
}
ret
=
evm_calc_hmac_or_hash
(
HASH_ALGO_SHA256
,
evm_digest
,
ret
=
evm_calc_hmac_or_hash
(
algo
,
evm_digest
,
obj_label_len
,
obj_label
,
ima_xattr_len
,
ima_xattr
,
caps_bin_len
,
caps_bin
,
...
...
@@ -246,7 +252,7 @@ int generator(int dirfd, int pos, struct list_head *head_in,
struct
group
*
grp
;
int
include_ima_digests
=
0
,
only_executables
=
0
,
root_cred
=
0
;
int
include_path
=
0
,
include_file
=
0
,
set_ima_xattr
=
0
;
int
path_list_ext
=
0
;
int
path_list_ext
=
0
,
set_evm_xattr
=
0
;
int
fts_flags
=
(
FTS_PHYSICAL
|
FTS_COMFOLLOW
|
FTS_NOCHDIR
|
FTS_XDEV
);
int
ret
,
i
,
digest_lists_dirfd
,
fd
,
prefix_len
,
include_lsm_label
=
0
;
...
...
@@ -281,8 +287,12 @@ int generator(int dirfd, int pos, struct list_head *head_in,
root_cred
=
1
;
if
(
cur
->
path
[
0
]
==
'F'
)
include_path
=
1
;
if
(
cur
->
path
[
0
]
==
'x'
)
set_ima_xattr
=
1
;
if
(
cur
->
path
[
0
]
==
'x'
)
{
if
(
!
strcmp
(
&
cur
->
path
[
2
],
"evm"
))
set_evm_xattr
=
1
;
else
set_ima_xattr
=
1
;
}
}
if
(
!
digest_lists_dir
)
{
...
...
@@ -452,7 +462,7 @@ int generator(int dirfd, int pos, struct list_head *head_in,
list
,
list_file
,
algo
,
ima_algo
,
tlv
,
gen_list_path
!=
NULL
,
include_lsm_label
,
root_cred
,
set_ima_xattr
,
alt_root
,
cur
->
attrs
[
4
]);
set_evm_xattr
,
alt_root
,
cur
->
attrs
[
4
]);
if
(
!
ret
)
unlink
=
false
;
else
if
(
ret
<
0
&&
ret
!=
-
EEXIST
&&
...
...
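Review bot: Replacing `HASH_ALGO_SHA256` with `algo` in the evm_calc_hmac_or_hash() call changes the EVM digest recorded in the list for every file, not only when `set_evm_xattr` is set, so output from existing invocations that pass a non-SHA256 algo presumably differs after this commit, and the title only mentions the new xattr option. A comment above the call would make that intent explicit, e.g. `/* use the list algorithm so the recorded EVM digest matches what write_evm_xattr() stores */`, assuming that is the reason. The same call is changed in generators/compact.c and generators/rpm.c. add_file() starts and ends outside the hunk.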