Different files might be signed based on different hash algorithms. This patch prefixes the audit log measurement hash with the hash algorithm.

Changelog:
- use generic HASH_ALGO definitions
- use ':' as delimiter between the hash algorithm and the digest (Roberto Sassu)

Signed-off-by: Mimi Zohar <[email protected]>
Signed-off-by: Roberto Sassu <[email protected]>
---
 security/integrity/ima/ima_api.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index baa3481..f22725e 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -287,6 +287,12 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, audit_log_format(ab, "file="); audit_log_untrustedstring(ab, filename); audit_log_format(ab, " hash="); + if (iint->ima_hash->algo != HASH_ALGO_SHA1 && + iint->ima_hash->algo != HASH_ALGO_MD5) { + audit_log_untrustedstring(ab, + hash_algo_name[iint->ima_hash->algo]); + audit_log_format(ab, ":"); + } audit_log_untrustedstring(ab, hash); audit_log_task_info(ab, current); -- 1.8.1.4
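
Review bot: In the added block, the algorithm name and the digest are emitted by two separate audit_log_untrustedstring() calls with audit_log_format(ab, ":") between them, and audit_log_untrustedstring() wraps each clean string in its own double quotes, so the field comes out as hash="sha256":"<digest>" rather than as one quoted value. Building "algo:digest" in a local buffer and emitting it with a single audit_log_untrustedstring() call would keep hash= a single token for audit parsers. The SHA1/MD5 exclusion also leaves those records unprefixed, so a consumer has to infer the algorithm from the digest length; a comment giving the reason for the exclusion would help, as would a note on whether iint->ima_hash->algo is guaranteed to be a valid index into hash_algo_name[] at this point.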

