#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/security.h>
+#include <linux/ima.h>
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1];
int security_bprm_check(struct linux_binprm *bprm)
{
- return security_ops->bprm_check_security(bprm);
+ int ret;
+
+ ret = security_ops->bprm_check_security(bprm);
+ if (ret)
+ return ret;
+ return ima_bprm_check(bprm);
}
void security_bprm_committing_creds(struct linux_binprm *bprm)
int security_inode_alloc(struct inode *inode)
{
+ int ret;
+
inode->i_security = NULL;
- return security_ops->inode_alloc_security(inode);
+ ret = security_ops->inode_alloc_security(inode);
+ if (ret)
+ return ret;
+ ret = ima_inode_alloc(inode);
+ if (ret)
+ security_inode_free(inode);
+ return ret;
}
void security_inode_free(struct inode *inode)
{
+ ima_inode_free(inode);
security_ops->inode_free_security(inode);
}
void security_file_free(struct file *file)
{
security_ops->file_free_security(file);
+ if (file->f_dentry)
+ ima_file_free(file);
}
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
unsigned long prot, unsigned long flags,
unsigned long addr, unsigned long addr_only)
{
- return security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ int ret;
+
+ ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
+ if (ret)
+ return ret;
+ return ima_file_mmap(file, prot);
}
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,