[PATCH ima-evm-utils v2 1/4] evmctl: Remove filtering support for file types unsupported by IMA

From: Stefan Berger <stefanb@linux.ibm.com>
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.ibm.com, Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH ima-evm-utils v2 1/4] evmctl: Remove filtering support for file types unsupported by IMA
Date: Thu,  8 Jul 2021 12:04:05 -0400	[thread overview]
Message-ID: <20210708160408.2779849-2-stefanb@linux.ibm.com> (raw)
In-Reply-To: <20210708160408.2779849-1-stefanb@linux.ibm.com>

Remove support for filtering on file types unsupported by IMA from evmctl.
This now prevents func(de->d_name) to be invoked on symlinks, block device
files, etc. since signature verification on those file types is not
supported by IMA in the kernel.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 README       |  2 +-
 src/evmctl.c | 13 +------------
 2 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/README b/README
index 321045d..2ccac46 100644
--- a/README
+++ b/README
@@ -51,7 +51,7 @@ OPTIONS
   -o, --portable     generate portable EVM signatures
   -p, --pass         password for encrypted signing key
   -r, --recursive    recurse into directories (sign)
-  -t, --type         file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)
+  -t, --type         file types to fix 'fxm' (f: file)
                      x - skip fixing if both ima and evm xattrs exist (use with caution)
                      m - stay on the same filesystem (like 'find -xdev')
   -n                 print result to stdout instead of setting xattr
diff --git a/src/evmctl.c b/src/evmctl.c
index 7a6f202..04f14af 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -142,10 +142,6 @@ typedef int (*find_cb_t)(const char *path);
 static int find(const char *path, int dts, find_cb_t func);
 
 #define REG_MASK	(1 << DT_REG)
-#define DIR_MASK	(1 << DT_DIR)
-#define LNK_MASK	(1 << DT_LNK)
-#define CHR_MASK	(1 << DT_CHR)
-#define BLK_MASK	(1 << DT_BLK)
 
 struct command cmds[];
 static void print_usage(struct command *cmd);
@@ -668,10 +664,6 @@ static int get_file_type(const char *path, const char *search_type)
 		switch (search_type[i]) {
 		case 'f':
 			dts |= REG_MASK; break;
-		case 'd':
-			dts |= DIR_MASK; break;
-		case 's':
-			dts |= BLK_MASK | CHR_MASK | LNK_MASK; break;
 		case 'x':
 			check_xattr = true; break;
 		case 'm':
@@ -1371,9 +1363,6 @@ static int find(const char *path, int dts, find_cb_t func)
 		return -1;
 	}
 
-	if (dts & DIR_MASK)
-		func(path);
-
 	closedir(dir);
 
 	return 0;
@@ -2517,7 +2506,7 @@ static void usage(void)
 		"  -o, --portable     generate portable EVM signatures\n"
 		"  -p, --pass         password for encrypted signing key\n"
 		"  -r, --recursive    recurse into directories (sign)\n"
-		"  -t, --type         file types to fix 'fdsxm' (f: file, d: directory, s: block/char/symlink)\n"
+		"  -t, --type         file types to fix 'fxm' (f: file)\n"
 		"                     x - skip fixing if both ima and evm xattrs exist (use with caution)\n"
 		"                     m - stay on the same filesystem (like 'find -xdev')\n"
 		"  -n                 print result to stdout instead of setting xattr\n"
-- 
2.31.1

