[RFC][PATCH v2 08/12] diglim: Interfaces - digest_label

From: Roberto Sassu <roberto.sassu@huawei.com>
To: <zohar@linux.ibm.com>, <gregkh@linuxfoundation.org>,
	<mchehab+huawei@kernel.org>
Cc: <linux-integrity@vger.kernel.org>,
	<linux-security-module@vger.kernel.org>,
	<linux-doc@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>,
	Roberto Sassu <roberto.sassu@huawei.com>
Subject: [RFC][PATCH v2 08/12] diglim: Interfaces - digest_label
Date: Mon, 26 Jul 2021 18:36:56 +0200	[thread overview]
Message-ID: <20210726163700.2092768-9-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20210726163700.2092768-1-roberto.sassu@huawei.com>

Introduce the digest_label interface. It can be used to set a label to be
applied to the next digest list (buffer) loaded through digest_list_add.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/diglim/fs.c | 40 ++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/security/integrity/diglim/fs.c b/security/integrity/diglim/fs.c
index caf2923c9146..8958e987f708 100644
--- a/security/integrity/diglim/fs.c
+++ b/security/integrity/diglim/fs.c
@@ -36,6 +36,13 @@ static struct dentry *diglim_dir;
  * removed.
  */
 static struct dentry *digest_lists_loaded_dir;
+/**
+ * DOC: digest_label
+ *
+ * digest_label can be used to set a label to be applied to the next digest
+ * list (buffer) loaded through digest_list_add.
+ */
+static struct dentry *digest_label_dentry;
 /**
  * DOC: digest_list_add
  *
@@ -505,6 +512,32 @@ static const struct file_operations digest_list_upload_ops = {
 	.llseek = generic_file_llseek,
 };
 
+/*
+ * digest_label_write: write label for next uploaded digest list.
+ */
+static ssize_t digest_label_write(struct file *file, const char __user *buf,
+				  size_t datalen, loff_t *ppos)
+{
+	int rc;
+
+	if (datalen >= sizeof(digest_label))
+		return -EINVAL;
+
+	rc = copy_from_user(digest_label, buf, datalen);
+	if (rc)
+		return -EFAULT;
+
+	digest_label[datalen] = '\0';
+	return datalen;
+}
+
+static const struct file_operations digest_label_ops = {
+	.open = generic_file_open,
+	.write = digest_label_write,
+	.read = seq_read,
+	.llseek = generic_file_llseek,
+};
+
 static int __init diglim_fs_init(void)
 {
 	diglim_dir = securityfs_create_dir("diglim", integrity_dir);
@@ -528,8 +561,15 @@ static int __init diglim_fs_init(void)
 	if (IS_ERR(digest_list_del_dentry))
 		goto out;
 
+	digest_label_dentry = securityfs_create_file("digest_label", 0600,
+						     diglim_dir, NULL,
+						     &digest_label_ops);
+	if (IS_ERR(digest_label_dentry))
+		goto out;
+
 	return 0;
 out:
+	securityfs_remove(digest_label_dentry);
 	securityfs_remove(digest_list_del_dentry);
 	securityfs_remove(digest_list_add_dentry);
 	securityfs_remove(digest_lists_loaded_dir);
-- 
2.25.1

