@@ -14,6 +14,7 @@
#define __LINUX_IMA_H
#include <linux/types.h>
+#include <linux/uuid.h>
#include <linux/crypto.h>
#include <linux/fs.h>
#include <linux/security.h>
@@ -176,6 +177,7 @@ struct ima_namespace {
*/
int ima_extra_slots;
struct vpcr_entry vpcr;
+ uuid_t uuid;
} __randomize_layout;
extern struct ima_namespace init_ima_ns;
@@ -635,6 +635,7 @@ static int vpcr_show(struct seq_file *m, void *v)
vpcr);
ima_putc(m, "cPCR: ", strlen("cPCR: "));
+ ima_putc(m, curr_ns->uuid.b, UUID_SIZE);
ima_putc(m, vpcr->vpcr_tmp, SHA256_DIGEST_SIZE);
memcpy(buf, &temp_vpcr_hash.digest, SHA256_DIGEST_SIZE);
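Review bot: The raw UUID bytes are emitted between the `cPCR: ` label and the `vpcr_tmp` digest, which changes the record layout for any existing reader of this file, and nothing visible in the hunk binds the UUID to the digest that follows it. If a verifier is meant to rely on the namespace identity, the UUID should be covered by the value hashed into `temp_vpcr_hash`; the hashing code is outside the hunk, so this may already hold and is worth confirming. The UUID is also taken from `curr_ns` while the digest is taken from `vpcr`, so if `vpcr` comes from a list walk rather than from `curr_ns`, the two fields could describe different namespaces. A comment above the three `ima_putc` calls would pin the format down, e.g. `/* record: "cPCR: " | ns uuid (UUID_SIZE) | vpcr_tmp (SHA256_DIGEST_SIZE) */`. The body of vpcr_show starts and ends outside the hunk.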
@@ -71,6 +71,7 @@ int ima_init_namespace(struct ima_namespace *ns)
mutex_unlock(&vpcr_list_mutex);
}
+ generate_random_uuid(ns->uuid.b);
get_random_bytes(&ns->vpcr.secret, sizeof(ns->vpcr.secret));
set_bit(IMA_NS_ACTIVE, &ns->ima_ns_flags);
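Review bot: `ns->uuid` is filled in only after the `vpcr_list_mutex` section above it has been released. If that section publishes the namespace's vpcr entry (its body is outside the hunk), a concurrent `vpcr_show` reader could emit an all-zero UUID for a short window; generating the UUID before the locked section would close it. `uuid_gen(&ns->uuid);` is the typed helper for a `uuid_t` and avoids reaching into `.b`. It is not visible here whether `init_ima_ns` passes through `ima_init_namespace`; if it does not, the initial namespace reports a nil UUID, which should be either initialised or documented on the new `uuid` field in `struct ima_namespace`.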
Signed-off-by: Ilya Hanov <ilya.hanov@huawei-partners.com>
---
security/integrity/ima/ima.h | 2 ++
security/integrity/ima/ima_fs.c | 1 +
security/integrity/ima/ima_init_ima_ns.c | 1 +
3 files changed, 4 insertions(+)