ima: pass 'opened' flag to identify newly created files

commit 3034a146820c26fe6da66a45f6340fe87fe0983a upstream. Empty files and missing xattrs do not guarantee that a file was just created. This patch passes FILE_CREATED flag to IMA to reliably identify new files. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> [bwh: Backported to 3.16: drop change to ima_fw_from_file()] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
author: Dmitry Kasatkin <d.kasatkin@samsung.com> 2014-06-27 18:15:44 +0300
committer: Ben Hutchings <ben@decadent.org.uk> 2017-08-26 02:14:23 +0100
commit: ad4b000f037c80628e1ecfcc8b782eb2bdec49ca (patch)
tree: 61701b21299648fa70579a70cbe17f5f77e7bc77 /include/linux
parent: f5f27dab6f310d534afa6239ef4c188393d63a40 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 1b7f268cddce..23a87a4fac9f 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -15,7 +15,7 @@ struct linux_binprm;
 
 #ifdef CONFIG_IMA
 extern int ima_bprm_check(struct linux_binprm *bprm);
-extern int ima_file_check(struct file *file, int mask);
+extern int ima_file_check(struct file *file, int mask, int opened);
 extern void ima_file_free(struct file *file);
 extern int ima_file_mmap(struct file *file, unsigned long prot);
 extern int ima_module_check(struct file *file);
@@ -26,7 +26,7 @@ static inline int ima_bprm_check(struct linux_binprm *bprm)
 	return 0;
 }
 
-static inline int ima_file_check(struct file *file, int mask)
+static inline int ima_file_check(struct file *file, int mask, int opened)
 {
 	return 0;
 }
author	Dmitry Kasatkin <d.kasatkin@samsung.com>	2014-06-27 18:15:44 +0300
committer	Ben Hutchings <ben@decadent.org.uk>	2017-08-26 02:14:23 +0100
commit	ad4b000f037c80628e1ecfcc8b782eb2bdec49ca (patch)
tree	61701b21299648fa70579a70cbe17f5f77e7bc77 /include/linux
parent	f5f27dab6f310d534afa6239ef4c188393d63a40 (diff)