#define EVM_STATE_PATH "/sys/kernel/security/evm/evm_state"
#define EVM_XATTR "security.evm"
+#define IMA_POLICY_INTERFACE "/sys/kernel/security/ima/policy"
+
int ima_get_state(int *state)
{
int fd;
return LIB_SUCCESS;
}
+
+int ima_get_policy(char*** policy)
+{
+ char buff[100];
+ char *policy_tmp = NULL;
+ char *last;
+ char *last2;
+ int length = 0;
+ int rules_count;
+ int ret;
+ int ret_code = LIB_SUCCESS;
+ int i;
+
+ if (!policy)
+ return LIB_ERROR_INPUT_PARAM;
+
+ int fd = open(IMA_POLICY_INTERFACE, O_RDONLY);
+ if (fd < 0) {
+ log_err("Unable to open %s file\n", IMA_POLICY_INTERFACE);
+ return LIB_ERROR_SYSCALL;
+ }
+
+ // Read policy from fd to policy_tmp;
+ do {
+ ret = read(fd, &buff, sizeof(buff));
+ if (ret < 0) {
+ log_err("Unable to read %s file\n", IMA_POLICY_INTERFACE);
+ ret_code = LIB_ERROR_SYSCALL;
+ goto out;
+ }
+ last = realloc(policy_tmp, length + ret + 1);
+ if (!last) { // realloc error
+ ret_code = LIB_ERROR_MEMORY;
+ goto out;
+ }
+ policy_tmp = last;
+ memcpy(&(policy_tmp[length]), buff, ret);
+ length += ret;
+ } while (ret == (int) sizeof(buff)); // If not whole buffer was filled then it means that the
+ // whole policy was read. Exit the while loop.
+ policy_tmp[length] = '\0';
+
+ if (length <= 1) { // Empty policy;
+ *policy = malloc(sizeof(char*));
+ if (!(*policy)) {
+ ret_code = LIB_ERROR_MEMORY;
+ goto out;
+ }
+ (*policy)[0] = NULL;
+ goto out;
+ }
+
+ // Counting rules
+ last = policy_tmp;
+ rules_count = 1; // Start counting from 1 because there can be one more rule then new line sign
+ while ((last = strchr(last, '\n'))) {
+ last += sizeof(char);
+ rules_count++;
+ }
+
+ *policy = malloc(sizeof(char*) * (rules_count + 1)); // +1 because this is null terminated list
+ if (!(*policy)) {
+ ret_code = LIB_ERROR_MEMORY;
+ goto out;
+ }
+ (*policy)[rules_count] = NULL;
+ last = policy_tmp;
+
+ // Re-write rules as a list of strings - every rule in different string.
+ for (i = 0; i < rules_count; ++i) {
+ last2 = strchr(last, '\n');
+ if (last2) {
+ (*policy)[i] = malloc(sizeof(char*) * (last2 - last) + 1);
+ if (!((*policy)[i])) {
+ for (; i >= 0; --i)
+ free((*policy)[i]);
+ free(*policy);
+ *policy = NULL;
+ ret_code = LIB_ERROR_MEMORY;
+ goto out;
+ }
+ memcpy((*policy)[i], last, (last2 - last));
+ (*policy)[i][last2 - last] = '\0';
+ } else { // This should be the last run of FOR loop
+ (*policy)[i] = malloc(sizeof(char*) * strlen(last) + 1);
+ if (!((*policy)[i])) {
+ for (; i >= 0; --i)
+ free((*policy)[i]);
+ free(*policy);
+ *policy = NULL;
+ ret_code = LIB_ERROR_MEMORY;
+ goto out;
+ }
+ memcpy((*policy)[i], last, strlen(last));
+ (*policy)[i][strlen(last)] = '\0';
+ }
+ last = last2 + sizeof(char);
+ }
+
+out:
+ close(fd);
+ free(policy_tmp);
+ return ret_code;
+}
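Review bot: The read loop in ima_get_policy ends as soon as one read() returns fewer than sizeof(buff) bytes (`} while (ret == (int) sizeof(buff));`), but read(2) may return a short count before end-of-file, in which case the rest of the policy is silently dropped and the caller receives a truncated rule list with no error. Terminate on end-of-file instead: add `if (ret == 0) break;` after the `ret < 0` check and make the loop `} while (1);` (the zero-length realloc/memcpy path is then never entered). The per-rule allocations `malloc(sizeof(char*) * (last2 - last) + 1)` and `malloc(sizeof(char*) * strlen(last) + 1)` size the strings in units of pointers rather than chars; `malloc((size_t)(last2 - last) + 1)` and `malloc(strlen(last) + 1)` are what is meant. On the final iteration `last = last2 + sizeof(char);` adds 1 to a NULL pointer, which is undefined behaviour even though the value is not used afterwards; `if (last2) last = last2 + 1;` avoids it. It is also worth stating in a header comment that, because rules_count is one more than the number of newlines, a policy text ending in '\n' produces a trailing empty-string entry in the returned list.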