ima: refactor ima_policy_show() to display "ima_hooks" rules

Define and call a function to display the "ima_hooks" rules. Signed-off-by: N Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: N Petko Manolov <petkan@mip-labs.com> Acked-by: N Dmitry Kasatkin <dmitry.kasatkin@huawei.com>

ima: refactor ima_policy_show() to display "ima_hooks" rules
Define and call a function to display the "ima_hooks" rules. Signed-off-by: N Mimi Zohar <zohar@linux.vnet.ibm.com> Acked-by: N Petko Manolov <petkan@mip-labs.com> Acked-by: N Dmitry Kasatkin <dmitry.kasatkin@huawei.com>
b5269ab3 · Mimi Zohar · 1525b06d · b5269ab3
显示空白变更内容
内联并排

Showing with 36 addition and 27 deletion

security/integrity/ima/ima_policy.c security/integrity/ima/ima_policy.c +36 -27

未找到文件。
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -903,29 +903,14 @@ void ima_policy_stop(struct seq_file *m, void *v)
 #define mt(token)	mask_tokens[token]
 #define ft(token)	func_tokens[token]
-int ima_policy_show(struct seq_file *m, void *v)
+/*
+ * policy_func_show - display the ima_hooks policy rule
+ */
+static void policy_func_show(struct seq_file *m, enum ima_hooks func)
 {
-	struct ima_rule_entry *entry = v;
-	int i = 0;
 	char tbuf[64] = {0,};
-	rcu_read_lock();
+	switch (func) {
-	if (entry->action & MEASURE)
-		seq_puts(m, pt(Opt_measure));
-	if (entry->action & DONT_MEASURE)
-		seq_puts(m, pt(Opt_dont_measure));
-	if (entry->action & APPRAISE)
-		seq_puts(m, pt(Opt_appraise));
-	if (entry->action & DONT_APPRAISE)
-		seq_puts(m, pt(Opt_dont_appraise));
-	if (entry->action & AUDIT)
-		seq_puts(m, pt(Opt_audit));
-	seq_puts(m, " ");
-	if (entry->flags & IMA_FUNC) {
-		switch (entry->func) {
 	case FILE_CHECK:
 		seq_printf(m, pt(Opt_func), ft(func_file));
 		break;
@@ -945,12 +930,36 @@ int ima_policy_show(struct seq_file *m, void *v)
 		seq_printf(m, pt(Opt_func), ft(func_post));
 		break;
 	default:
-			snprintf(tbuf, sizeof(tbuf), "%d", entry->func);
+		snprintf(tbuf, sizeof(tbuf), "%d", func);
 		seq_printf(m, pt(Opt_func), tbuf);
 		break;
 	}
 	seq_puts(m, " ");
-	}
+}
+int ima_policy_show(struct seq_file *m, void *v)
+{
+	struct ima_rule_entry *entry = v;
+	int i = 0;
+	char tbuf[64] = {0,};
+	rcu_read_lock();
+	if (entry->action & MEASURE)
+		seq_puts(m, pt(Opt_measure));
+	if (entry->action & DONT_MEASURE)
+		seq_puts(m, pt(Opt_dont_measure));
+	if (entry->action & APPRAISE)
+		seq_puts(m, pt(Opt_appraise));
+	if (entry->action & DONT_APPRAISE)
+		seq_puts(m, pt(Opt_dont_appraise));
+	if (entry->action & AUDIT)
+		seq_puts(m, pt(Opt_audit));
+	seq_puts(m, " ");
+	if (entry->flags & IMA_FUNC)
+		policy_func_show(m, entry->func);
 	if (entry->flags & IMA_MASK) {
 		if (entry->mask & MAY_EXEC)