提交
b558a83a
编写于
5月 20, 2020
作者:
Roberto Sassu
Add option to set metadata for digest lists
上级
4b2c520a
变更
3
Showing
3 changed file
with
63 addition
and
17 deletion
+63
-17
include/compact_list.h
include/compact_list.h
+1
-1
lib/compact_list.c
lib/compact_list.c
+58
-16
src/upload_digest_lists.c
src/upload_digest_lists.c
+4
-0
include/compact_list.h
...
@@ -28,7 +28,7 @@ enum parser_ops { PARSER_OP_ADD_DIGEST, PARSER_OP_ADD_DIGEST_TO_HTABLE,
...
@@ -28,7 +28,7 @@ enum parser_ops { PARSER_OP_ADD_DIGEST, PARSER_OP_ADD_DIGEST_TO_HTABLE,
PARSER_OP_ADD_EVM_XATTR
,
PARSER_OP_REMOVE_EVM_XATTR
,
PARSER_OP_ADD_EVM_XATTR
,
PARSER_OP_REMOVE_EVM_XATTR
,
PARSER_OP_REMOVE_INFOFLOW_XATTR
,
PARSER_OP_VERIFY
,
PARSER_OP_REMOVE_INFOFLOW_XATTR
,
PARSER_OP_VERIFY
,
PARSER_OP_DUMP
,
PARSER_OP_GEN_IMA_LIST
,
PARSER_OP_CHECK_META
,
PARSER_OP_DUMP
,
PARSER_OP_GEN_IMA_LIST
,
PARSER_OP_CHECK_META
,
PARSER_OP_REPAIR_META
};
PARSER_OP_REPAIR_META
,
PARSER_OP_REPAIR_META_DIGEST_LISTS
};
enum
tlv_ids
{
ID_DIGEST
,
ID_EVM_DIGEST
,
ID_PATH
,
ID_INODE_UID
,
ID_INODE_GID
,
enum
tlv_ids
{
ID_DIGEST
,
ID_EVM_DIGEST
,
ID_PATH
,
ID_INODE_UID
,
ID_INODE_GID
,
ID_INODE_MODE
,
ID_INODE_SIZE
,
ID_FSMAGIC
,
ID_OBJ_LABEL
,
ID_CAPS
,
ID_INODE_MODE
,
ID_INODE_SIZE
,
ID_FSMAGIC
,
ID_OBJ_LABEL
,
ID_CAPS
,
...
...
lib/compact_list.c
...
@@ -25,6 +25,7 @@
...
@@ -25,6 +25,7 @@
#include <linux/fs.h>
#include <linux/fs.h>
#include <linux/magic.h>
#include <linux/magic.h>
#include <sys/capability.h>
#include <sys/capability.h>
#include <selinux/selinux.h>
#include "compact_list.h"
#include "compact_list.h"
#include "crypto.h"
#include "crypto.h"
...
@@ -35,6 +36,10 @@
...
@@ -35,6 +36,10 @@
#include "ima_list.h"
#include "ima_list.h"
#include "selinux.h"
#include "selinux.h"
#define DIGEST_LIST_LABEL "system_u:object_r:etc_t:s0"
#define DIGEST_LIST_MODE 0644
#define DIGEST_LIST_ALGO HASH_ALGO_SHA256
char
*
compact_types_str
[
COMPACT__LAST
]
=
{
char
*
compact_types_str
[
COMPACT__LAST
]
=
{
[
COMPACT_KEY
]
=
"key"
,
[
COMPACT_KEY
]
=
"key"
,
[
COMPACT_PARSER
]
=
"parser"
,
[
COMPACT_PARSER
]
=
"parser"
,
...
@@ -610,18 +615,6 @@ out:
...
@@ -610,18 +615,6 @@ out:
return
ret
;
return
ret
;
}
}
int
digest_list_update_evm_xattr
(
int
dirfd
,
char
*
digest_list_filename
)
{
u8
evm_xattr_value
=
EVM_XATTR_HMAC
;
int
fd
;
fd
=
openat
(
dirfd
,
digest_list_filename
,
O_RDONLY
);
if
(
fd
<
0
)
return
-
EACCES
;
return
fsetxattr
(
fd
,
XATTR_NAME_EVM
,
&
evm_xattr_value
,
1
,
0
);
}
int
digest_list_upload
(
int
dirfd
,
int
fd
,
struct
list_head
*
head
,
int
digest_list_upload
(
int
dirfd
,
int
fd
,
struct
list_head
*
head
,
struct
list_head
*
parser_lib_head
,
struct
list_head
*
parser_lib_head
,
char
*
digest_list_filename
,
enum
parser_ops
op
,
char
*
digest_list_filename
,
enum
parser_ops
op
,
...
@@ -690,8 +683,6 @@ out_add_metadata:
...
@@ -690,8 +683,6 @@ out_add_metadata:
ret
=
digest_list_add_metadata
(
dirfd
,
fd
,
digest_list_filename
,
ret
=
digest_list_add_metadata
(
dirfd
,
fd
,
digest_list_filename
,
digest_lists_dir
,
head
,
buf
,
digest_lists_dir
,
head
,
buf
,
size
);
size
);
else
if
(
op
==
PARSER_OP_ADD_EVM_XATTR
)
ret
=
digest_list_update_evm_xattr
(
dirfd
,
digest_list_filename
);
out:
out:
munmap
(
buf
,
size
);
munmap
(
buf
,
size
);
return
ret
;
return
ret
;
...
@@ -705,8 +696,12 @@ int process_lists(int dirfd, int fd, int save, int verbose,
...
@@ -705,8 +696,12 @@ int process_lists(int dirfd, int fd, int save, int verbose,
struct
dirent
**
digest_lists
;
struct
dirent
**
digest_lists
;
LIST_HEAD
(
parser_lib_head
);
LIST_HEAD
(
parser_lib_head
);
struct
key_struct
*
k
;
struct
key_struct
*
k
;
char
path
[
PATH_MAX
],
*
path_ptr
=
NULL
;
char
path
[
PATH_MAX
],
path_sig
[
PATH_MAX
],
*
path_ptr
=
NULL
;
int
ret
,
i
,
n
;
u8
digest
[
SHA512_DIGEST_SIZE
];
u8
xattr
[
2
+
SHA512_DIGEST_SIZE
];
void
*
sig
;
loff_t
sig_len
;
int
ret
,
i
,
n
,
xattr_len
;
n
=
scandirat
(
dirfd
,
"."
,
&
digest_lists
,
filter
[
type
],
compare_lists
);
n
=
scandirat
(
dirfd
,
"."
,
&
digest_lists
,
filter
[
type
],
compare_lists
);
if
(
n
==
-
1
)
{
if
(
n
==
-
1
)
{
...
@@ -754,6 +749,53 @@ int process_lists(int dirfd, int fd, int save, int verbose,
...
@@ -754,6 +749,53 @@ int process_lists(int dirfd, int fd, int save, int verbose,
ret
=
ima_generate_entry
(
dirfd
,
fd
,
digest_lists_dir
,
ret
=
ima_generate_entry
(
dirfd
,
fd
,
digest_lists_dir
,
digest_lists
[
i
]
->
d_name
);
digest_lists
[
i
]
->
d_name
);
break
;
break
;
case
PARSER_OP_REPAIR_META_DIGEST_LISTS
:
snprintf
(
path
,
sizeof
(
path
),
"%s/%s"
,
digest_lists_dir
,
digest_lists
[
i
]
->
d_name
);
snprintf
(
path_sig
,
sizeof
(
path_sig
),
"%s.sig/%s.sig"
,
digest_lists_dir
,
digest_lists
[
i
]
->
d_name
);
ret
=
read_file_from_path
(
-
1
,
path_sig
,
&
sig
,
&
sig_len
);
if
(
ret
<
0
)
break
;
ret
=
lsetxattr
(
path
,
XATTR_NAME_EVM
,
sig
,
sig_len
,
0
);
munmap
(
sig
,
sig_len
);
if
(
ret
<
0
)
{
printf
(
"Cannot set EVM xattr to %s
\n
"
,
path
);
break
;
}
ret
=
lsetfilecon
(
path
,
DIGEST_LIST_LABEL
);
if
(
ret
<
0
)
{
printf
(
"Cannot set SELinux label %s to %s
\n
"
,
DIGEST_LIST_LABEL
,
path
);
break
;
}
ret
=
chmod
(
path
,
DIGEST_LIST_MODE
);
if
(
ret
<
0
)
{
printf
(
"Cannot set mode %d to %s
\n
"
,
DIGEST_LIST_MODE
,
path
);
break
;
}
ret
=
calc_file_digest
(
digest
,
-
1
,
path
,
DIGEST_LIST_ALGO
);
if
(
ret
<
0
)
{
printf
(
"Cannot calculate digest of %s
\n
"
,
path
);
break
;
}
ret
=
gen_write_ima_xattr
(
xattr
,
&
xattr_len
,
path
,
DIGEST_LIST_ALGO
,
digest
,
true
,
true
);
if
(
ret
<
0
)
printf
(
"Cannot set IMA xattr to %s
\n
"
,
path
);
break
;
default:
default:
if
(
backup_dir
)
{
if
(
backup_dir
)
{
snprintf
(
path
,
sizeof
(
path
),
"%s/%s"
,
snprintf
(
path
,
sizeof
(
path
),
"%s/%s"
,
...
...
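Review bot: In the new PARSER_OP_REPAIR_META_DIGEST_LISTS case the chmod failure message formats the octal constant DIGEST_LIST_MODE with `%d`, so a failure reports "Cannot set mode 420 to ..."; `printf("Cannot set mode %#o to %s\n", DIGEST_LIST_MODE, path);` prints it as 0644. The security.evm value read from the .sig file is installed before the SELinux label, the mode and security.ima are applied, yet those are attributes an EVM signature is expected to cover, so on a host where EVM is enforcing the later changes may be refused or leave the file inconsistent until the case completes — it looks like the lsetfilecon, chmod and gen_write_ima_xattr steps were meant to precede the lsetxattr, which should be confirmed against the signing side. The read_file_from_path failure breaks out of the switch with no message, unlike every other failure in the case, and neither snprintf checks for truncation of path or path_sig before the names are used; DIGEST_LIST_LABEL in the earlier hunk also hard-codes a policy-specific context, which is worth a comment stating the policy it assumes. process_lists starts and ends outside the hunk.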
src/upload_digest_lists.c
...
@@ -166,6 +166,10 @@ int main(int argc, char *argv[])
...
@@ -166,6 +166,10 @@ int main(int argc, char *argv[])
}
else
if
(
!
strcmp
(
optarg
,
"repair-meta"
))
{
}
else
if
(
!
strcmp
(
optarg
,
"repair-meta"
))
{
op
=
PARSER_OP_REPAIR_META
;
op
=
PARSER_OP_REPAIR_META
;
fd
=
-
2
;
fd
=
-
2
;
}
else
if
(
!
strcmp
(
optarg
,
"repair-meta-digest-lists"
))
{
op
=
PARSER_OP_REPAIR_META_DIGEST_LISTS
;
fd
=
-
2
;
}
else
{
}
else
{
printf
(
"Invalid parser op %s
\n
"
,
optarg
);
printf
(
"Invalid parser op %s
\n
"
,
optarg
);
return
1
;
return
1
;
...
...
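Review bot: The new repair-meta-digest-lists branch repeats the `fd = -2;` sentinel from the repair-meta branch without saying what -2 means to the caller; a named constant used by both branches, or a comment on the first occurrence such as `/* -2: no output list, the digest lists are updated in place (see process_lists) */`, would make the value readable, assuming that is indeed its meaning in process_lists. The usage text for the new op is not in this hunk, so check that it is documented next to repair-meta. main starts and ends outside the hunk.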