LCOV - code coverage report
Current view: top level - core - ima-setup.c (source / functions) Hit Total Coverage
Test: systemd_full.info Lines: 0 42 0.0 %
Date: 2019-08-23 13:36:53 Functions: 0 1 0.0 %
Legend: Lines: hit not hit | Branches: + taken - not taken # not executed Branches: 0 43 0.0 %

           Branch data     Line data    Source code
       1                 :            : /* SPDX-License-Identifier: LGPL-2.1+ */
       2                 :            : /***
       3                 :            :   Copyright © 2012 Roberto Sassu - Politecnico di Torino, Italy
       4                 :            :                                    TORSEC group — http://security.polito.it
       5                 :            : ***/
       6                 :            : 
       7                 :            : #include <errno.h>
       8                 :            : #include <fcntl.h>
       9                 :            : #include <sys/stat.h>
      10                 :            : #include <sys/types.h>
      11                 :            : #include <unistd.h>
      12                 :            : 
      13                 :            : #include "alloc-util.h"
      14                 :            : #include "fd-util.h"
      15                 :            : #include "fileio.h"
      16                 :            : #include "ima-setup.h"
      17                 :            : #include "log.h"
      18                 :            : 
      19                 :            : #define IMA_SECFS_DIR "/sys/kernel/security/ima"
      20                 :            : #define IMA_SECFS_POLICY IMA_SECFS_DIR "/policy"
      21                 :            : #define IMA_POLICY_PATH "/etc/ima/ima-policy"
      22                 :            : 
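       /*
        * Load the custom IMA policy from IMA_POLICY_PATH into the kernel through
        * the securityfs file IMA_SECFS_POLICY.
        *
        * The path of the policy file is written to the kernel interface first; only
        * if that write does not succeed is the file opened here and copied over one
        * line per write().
        *
        * Returns 0 when the policy was loaded and on every condition that is logged
        * as "ignoring" (no IMA securityfs directory, policy interface not writable,
        * no policy file, open() failures). A read or write failure in the
        * line-by-line fallback returns the value of log_error_errno(). Without
        * ENABLE_IMA the function does nothing and returns 0.
        */
       int ima_setup(void) {
       #if ENABLE_IMA
               _cleanup_fclose_ FILE *input = NULL;
               _cleanup_close_ int imafd = -1;
               unsigned lineno = 0;
               int r;

               /* The three access() calls only select which message is logged. Nothing
                * is decided on them alone: every later open() and write() is checked
                * again, so a change between check and use ends in one of the error
                * paths below. */
               if (access(IMA_SECFS_DIR, F_OK) < 0) {
                       log_debug_errno(errno, "IMA support is disabled in the kernel, ignoring: %m");
                       return 0;
               }

               /* Any access() failure lands here, not only the "policy already loaded"
                * case named in the message; %m carries the actual errno. */
               if (access(IMA_SECFS_POLICY, W_OK) < 0) {
                       log_warning_errno(errno, "Another IMA custom policy has already been loaded, ignoring: %m");
                       return 0;
               }

               if (access(IMA_POLICY_PATH, F_OK) < 0) {
                       log_debug_errno(errno, "No IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
                       return 0;
               }

               imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
               if (imafd < 0) {
                       log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
                       return 0;
               }

               /* attempt to write the name of the policy file into sysfs file.
                * Any positive return counts as success; the errno of a failed attempt
                * is not logged before falling back.
                * NOTE(review): with this form the kernel reads the policy file itself,
                * which is presumably the only path on which a kernel configured to
                * appraise policy files can check it - confirm against the kernel IMA
                * documentation before relying on the fallback in such a setup. */
               if (write(imafd, IMA_POLICY_PATH, STRLEN(IMA_POLICY_PATH)) > 0)
                       goto done;

               /* fall back to copying the policy line-by-line.
                * NOTE(review): fopen() follows symlinks and the content is passed on
                * unmodified, so the policy that ends up loaded is whatever
                * IMA_POLICY_PATH resolves to; this assumes the file and its directory
                * are writable by root only - verify in deployment. */
               input = fopen(IMA_POLICY_PATH, "re");
               if (!input) {
                       log_warning_errno(errno, "Failed to open the IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
                       return 0;
               }

               /* Start over on a fresh descriptor after the failed path write. */
               safe_close(imafd);

               imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
               if (imafd < 0) {
                       log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
                       return 0;
               }

               for (;;) {
                       _cleanup_free_ char *line = NULL;
                       size_t len;

                       r = read_line(input, LONG_LINE_MAX, &line);
                       if (r < 0)
                               return log_error_errno(r, "Failed to read the IMA custom policy file "IMA_POLICY_PATH": %m");
                       if (r == 0)
                               break;

                       len = strlen(line);
                       lineno++;

                       /* Empty lines are counted but not written. The message separates
                        * path and line number with ':' so the failing line can be read
                        * off the log ("<path>:<line>"); the two used to be printed
                        * run together.
                        * NOTE(review): earlier lines have already been written when this
                        * fails; what the kernel does with them is not visible here. */
                       if (len > 0 && write(imafd, line, len) < 0)
                               return log_error_errno(errno, "Failed to load the IMA custom policy file "IMA_POLICY_PATH":%u: %m",
                                                      lineno);
               }

       done:
               log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH".");
       #endif /* ENABLE_IMA */
               return 0;
       }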
