Revert "ima: Add dummy boot aggregate to per ima namespace measurement list"

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 9164a7e0. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

Revert "ima: Add dummy boot aggregate to per ima namespace measurement list"
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 9164a7e0. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
0ff3d662 · Zhang Tianxing · Zheng Zengkai · 80986d4d · 0ff3d662
隐藏空白更改
内联并排

Showing with 0 addition and 62 deletion

security/integrity/ima/ima_ns.c security/integrity/ima/ima_ns.c +0 -62

未找到文件。
--- a/security/integrity/ima/ima_ns.c
+++ b/security/integrity/ima/ima_ns.c
@@ -49,66 +49,6 @@ static void dec_ima_namespaces(struct ucounts *ucounts)
 	return dec_ucount(ucounts, UCOUNT_IMA_NAMESPACES);
 }
-static int ima_ns_add_boot_aggregate(struct ima_namespace *ima_ns)
-{
-	static const char op[] = "ns_add_boot_aggregate";
-	static const char ns_aggregate_name_prefix[] = "ns_aggregate_";
-	const char *audit_cause = "ENOMEM";
-	struct ima_template_entry *entry;
-	struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
-	struct ima_event_data event_data = { .iint = iint };
-	int result = -ENOMEM;
-	int violation = 0;
-	struct {
-		struct ima_digest_data hdr;
-		char digest[TPM_DIGEST_SIZE];
-	} hash;
-	unsigned int ns_id = get_ns_id(ima_ns);
-	char *ns_aggregate_name;
-	ns_aggregate_name = kmalloc(sizeof(ns_aggregate_name_prefix) +
-				    sizeof(unsigned int),
-				    GFP_KERNEL);
-	if (!ns_aggregate_name)
-		goto err_out;
-	sprintf(ns_aggregate_name, "%s%u", ns_aggregate_name_prefix, ns_id);
-	event_data.filename = ns_aggregate_name;
-	event_data.ns_id = ns_id;
-	memset(iint, 0, sizeof(*iint));
-	memset(&hash, 0, sizeof(hash));
-	iint->ima_hash = &hash.hdr;
-	iint->ima_hash->algo = HASH_ALGO_SHA1;
-	iint->ima_hash->length = SHA1_DIGEST_SIZE;
-	result = ima_alloc_init_template(&event_data, &entry, NULL);
-	if (result < 0) {
-		audit_cause = "alloc_entry";
-		goto err_out;
-	}
-	result = ima_store_template(entry, violation, NULL,
-				    ns_aggregate_name,
-				    CONFIG_IMA_MEASURE_PCR_IDX,
-				    NULL,
-				    ima_ns);
-	if (result < 0) {
-		ima_free_template_entry(entry);
-		audit_cause = "store_entry";
-	}
-err_out:
-	if (result < 0)
-		integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL,
-				    ns_aggregate_name, op, audit_cause,
-				    result, 0);
-	kfree(ns_aggregate_name);
-	return result;
-}
 #ifdef CONFIG_IMA_LOAD_X509
 static int ima_ns_load_x509(struct ima_namespace *ima_ns)
 {
@@ -445,8 +385,6 @@ static int imans_activate(struct ima_namespace *ima_ns)
 	list_add_tail(&ima_ns->list, &ima_ns_list);
 	up_write(&ima_ns_list_lock);
-	ima_ns_add_boot_aggregate(ima_ns);
 	/* The x509 certificate has to be measured in the new namespace as
 	 * well as in the parent namespace, therefore it has to be loaded
 	 * after adding the namespace to the list of active namespaces. If