Add a new critical-data record that measures the trimming event each
time IMA event records are deleted.

If all IMA event logs are saved in userspace, these records can be used
to obtain the total number of records deleted since the beginning.

Signed-off-by: steven chen <[email protected]>
---
 security/integrity/ima/ima_fs.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 67ff0cfc3d3f..6d3d34d07b2b 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -364,6 +364,22 @@ static const struct file_operations 
ima_ascii_measurements_ops = {
        .release = ima_measurements_release,
 };
 
+static void ima_measure_trim_event(const long number_logs)
+{
+       char ima_log_trim_event[IMA_LOG_TRIM_EVENT_LEN];
+       struct timespec64 ts;
+       u64 time_ns;
+       int n;
+
+       ktime_get_real_ts64(&ts);
+       time_ns = (u64)ts.tv_sec * 1000000000ULL + ts.tv_nsec;
+       n = scnprintf(ima_log_trim_event, IMA_LOG_TRIM_EVENT_LEN,
+                     "time= %llu; number= %lu;", time_ns, number_logs);
+
+       ima_measure_critical_data("ima_log_trim", "trim ima event logs",
+                                 ima_log_trim_event, n, false, NULL, 0);
+}
+
 static int ima_log_trim_open(struct inode *inode, struct file *file)
 {
        bool write = !!(file->f_mode & FMODE_WRITE);
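Review bot: `number_logs` is declared `long` but printed with `%lu` in the scnprintf() call, so the conversion specifier disagrees with the argument's signedness; either use `"time= %llu; number= %ld;"` or make the parameter `unsigned long`, which matches the caller only passing values checked `> 0`. The result of ima_measure_critical_data() is also dropped, so if the measurement fails (assuming it returns an int in this tree) the log is trimmed with no record of it and the caller in the ima_log_trim_write hunk below still sets `ret = datalen`; consider `int rc = ima_measure_critical_data(...); if (rc < 0) pr_warn("ima: failed to measure log trim: %d\n", rc);` or returning rc so the write path can report it. `IMA_LOG_TRIM_EVENT_LEN` is not defined in this diff, so presumably it is introduced by an earlier patch in the series. The manual `tv_sec * 1000000000ULL + tv_nsec` could be `timespec64_to_ns(&ts)`, and a one-line comment above the helper would document the record's contents: `/* Measure a log trim as critical data: wall-clock time (ns) and number of records removed. */`.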
@@ -407,6 +423,8 @@ static ssize_t ima_log_trim_write(struct file *file,
                goto out;
 
        trimcount = ret;
+       if (trimcount > 0)
+               ima_measure_trim_event(trimcount);
 
        ret = datalen;
 out:
-- 
2.43.0

