enum ima_state {
- IMA_STATE_DISABLED, /* IMA is turned off - no actions are done */
- IMA_STATE_IGNORE, /* IMA checks files integrity, errors are reported on
- * measurement list, but there is no blocking access.
- * If file hash was correct on open it is updated on close */
- IMA_STATE_ENFORCE, /* IMA checks files integrity - on errors access denied
- * is returned when attempt to open.
- * If file hash was correct on open it is updated on close */
- IMA_STATE_FIX /* IMA doesn't check files integrity. Hash of files is
- * updated on file close */
+ IMA_STATE_DISABLED = 0x00, /* IMA is turned off - no actions are done */
+ IMA_STATE_ENFORCE = 0x01, /* IMA checks files integrity - on errors access denied
+ * is returned when attempt to open.
+ * If file hash was correct on open it is updated on close */
+ IMA_STATE_FIX = 0x02, /* IMA doesn't check files integrity. Hash of files is
+ * updated on file close */
+ IMA_STATE_IGNORE = 0x04, /* IMA checks files integrity, errors are reported on
+ * measurement list, but there is no blocking access.
+ * If file hash was correct on open it is updated on close */
};
enum evm_state {
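Review bot: The explicit values on `enum ima_state` now double as the encoding exchanged with the state file, but the comments do not say so, and the renumbering changes what previously stored or hard-coded integers mean. Under the old implicit numbering 2 was IMA_STATE_ENFORCE; after this change 2 is IMA_STATE_FIX, in which integrity is not checked, so a caller or saved configuration that kept the raw integer would silently move from enforcing to fix mode. I would add a comment above the enumerators such as `/* Values are the integers read from and written to IMA_STATE_PATH; do not renumber. */` and confirm that no raw values are persisted or passed between components. The file mapping changed as well (the removed code in ima_get_state read '1' as IGNORE and '2' as ENFORCE), which presumably tracks a kernel-side change that is not visible here.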
int ima_get_state(int *state)
{
int fd;
- char buff;
+ char buff[4];
+ int tmp_state;
if (!state) {
log_err("Error input param\n");
close(fd);
return LIB_ERROR_SYSCALL;
}
-
close(fd);
+ buff[3] = '\0';
- switch (buff) {
- case '0':
- *state = IMA_STATE_DISABLED;
- return LIB_SUCCESS;
- case '1':
- *state = IMA_STATE_IGNORE;
- return LIB_SUCCESS;
- case '2':
- *state = IMA_STATE_ENFORCE;
- return LIB_SUCCESS;
- case '4':
- *state = IMA_STATE_FIX;
+ tmp_state = atoi(buff);
+
+ if (tmp_state == IMA_STATE_DISABLED ||
+ tmp_state == IMA_STATE_IGNORE ||
+ tmp_state == IMA_STATE_ENFORCE ||
+ tmp_state == IMA_STATE_FIX) {
+ *state = tmp_state;
return LIB_SUCCESS;
- default:
- log_err("Unknown IMA state\n");
- return LIB_ERROR_UNKNOWN;
}
+
+ return LIB_ERROR_UNKNOWN;
}
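Review bot: `atoi(buff)` in ima_get_state returns 0 for text it cannot parse, and 0 is IMA_STATE_DISABLED, so an empty or malformed read is reported as LIB_SUCCESS with the state "disabled" instead of an error. `buff` is also uninitialised and is terminated at the fixed index 3 rather than at the number of bytes actually read (the read call is outside the visible lines, so this part is inferred), which lets indeterminate bytes follow a short value. I would declare `char buff[4] = {0};` plus a `char *end`, and parse with `tmp_state = (int)strtol(buff, &end, 10);` followed by `if (end == buff) return LIB_ERROR_UNKNOWN;`. The removed `log_err("Unknown IMA state\n");` is worth keeping on the failure path so that an unexpected value leaves a trace.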
int ima_set_state(int state)
{
- char buff;
+ char buff[4] = {'\0',};
+
+ if (state != IMA_STATE_DISABLED &&
+ state != IMA_STATE_IGNORE &&
+ state != IMA_STATE_ENFORCE &&
+ state != IMA_STATE_FIX)
+ return LIB_ERROR_INPUT_PARAM;
int fd = open(IMA_STATE_PATH, O_RDWR);
if (fd < 0) {
return LIB_ERROR_SYSCALL;
}
- switch (state) {
- case IMA_STATE_DISABLED:
- buff = '0';
- break;
- case IMA_STATE_IGNORE:
- buff = '1';
- break;
- case IMA_STATE_ENFORCE:
- buff = '2';
- break;
- case IMA_STATE_FIX:
- buff = '4';
- break;
- default:
- log_err("Wrong IMA state\n");
- close(fd);
- return LIB_ERROR_INPUT_PARAM;
- }
+ snprintf(buff, 3, "%d", state);
- if (write(fd, &buff, sizeof(buff)) < 0) {
+ if (write(fd, buff, sizeof(buff)) < 0) {
log_err("Unable to write file\n");
close(fd);
return LIB_ERROR_SYSCALL;
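Review bot: `write(fd, buff, sizeof(buff))` in ima_set_state sends all four bytes of the buffer, so the digit is followed by NUL padding; whether the kernel-side handler accepts that is not visible here, and the old code wrote exactly one character. The `snprintf` bound of 3 is a magic number that disagrees with the buffer size. I would use `int len = snprintf(buff, sizeof(buff), "%d", state);` and `if (write(fd, buff, (size_t)len) != len) {`, which also treats a short write as a failure rather than checking only for a negative return. The body of ima_set_state continues past the last visible line.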