Add a new critical data record to measure the trimming event when
ima event records are deleted since system boot up.

If all IMA event logs are saved in userspace, this record gives the total
number of records deleted since system boot up to that point.

Signed-off-by: steven chen <[email protected]>
---
 security/integrity/ima/ima_fs.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 7f805ab62f6c..1d6befa51044 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -43,6 +43,7 @@ static int valid_policy = 1;
 
 #define IMA_LOG_TRIM_REQ_NUM_LENGTH 15
 #define IMA_LOG_TRIM_REQ_TOTAL_LENGTH 32
+#define IMA_LOG_TRIM_EVENT_LEN 256
 
 static long trimcount;
 /* mutex protects atomicity of trimming measurement list
@@ -364,6 +365,22 @@ static const struct file_operations 
ima_ascii_measurements_ops = {
        .release = ima_measurements_release,
 };
 
+static void ima_measure_trim_event(void)
+{
+       char ima_log_trim_event[IMA_LOG_TRIM_EVENT_LEN];
+       struct timespec64 ts;
+       u64 time_ns;
+       int n;
+
+       ktime_get_real_ts64(&ts);
+       time_ns = (u64)ts.tv_sec * 1000000000ULL + ts.tv_nsec;
+       n = scnprintf(ima_log_trim_event, IMA_LOG_TRIM_EVENT_LEN,
+                     "time= %llu; number= %lu;", time_ns, trimcount);
+
+       ima_measure_critical_data("ima_log_trim", "trim ima event logs",
+                                 ima_log_trim_event, n, false, NULL, 0);
+}
+
 static int ima_log_trim_open(struct inode *inode, struct file *file)
 {
        bool write = !!(file->f_mode & FMODE_WRITE);
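Review bot: In ima_measure_trim_event() the `%lu` conversion does not match `trimcount`, which the earlier hunk declares as `static long`; that is a -Wformat warning and should be `number= %ld;`. The helper also discards whatever ima_measure_critical_data() returns (it is an int-returning function in mainline IMA), so a failed measurement leaves the trim unrecorded in the attestation log with no trace; make the helper return that result so the caller can at least log it. The three-line timespec64 conversion can be replaced by `ktime_get_real_ns()`, which already yields the u64 nanoseconds the format string prints, and a wall-clock timestamp is only as trustworthy as the system clock, which is worth a comment since verifiers may otherwise treat it as monotonic.
```c
static int ima_measure_trim_event(void)
{
	char ima_log_trim_event[IMA_LOG_TRIM_EVENT_LEN];
	int n;

	/* Wall-clock time: informational only, not a trusted ordering source. */
	n = scnprintf(ima_log_trim_event, sizeof(ima_log_trim_event),
		      "time= %llu; number= %ld;", ktime_get_real_ns(), trimcount);

	return ima_measure_critical_data("ima_log_trim", "trim ima event logs",
					 ima_log_trim_event, n, false, NULL, 0);
}
```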
@@ -438,6 +455,8 @@ static ssize_t ima_log_trim_write(struct file *file,
                goto out;
 
        trimcount += ret;
+       if (ret > 0)
+               ima_measure_trim_event();
 
        ret = datalen;
 out:
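Review bot: ima_measure_trim_event() reads `trimcount`, which the first hunk documents as protected by the trimming mutex, but whether that mutex is held at this call site is not visible here since ima_log_trim_write's body starts outside the hunk; if it is, add `lockdep_assert_held()` on that mutex inside the helper (or a comment `/* called with the trim mutex held */`) so the invariant is enforced rather than assumed. Also note that ima_measure_critical_data() appends to the measurement list through the normal ima_add_template_entry() path, which takes ima_extend_list_mutex; if the trim path already holds that same lock when it calls the helper, this would self-deadlock, so please confirm the two locks are distinct or that the call happens after the trim lock is dropped. Since the record is measured after `trimcount += ret`, a failure of the measurement cannot undo the trim, so the write should at least `pr_err()` when the helper reports failure instead of returning `datalen` silently.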
-- 
2.43.0

