Implement recursive IMA signing

author Dmitry Kasatkin <d.kasatkin@samsung.com>

Fri, 17 Jan 2014 13:18:48 +0000 (15:18 +0200)

committer Dmitry Kasatkin <d.kasatkin@samsung.com>

Fri, 17 Jan 2014 13:27:20 +0000 (15:27 +0200)
author Dmitry Kasatkin <d.kasatkin@samsung.com>
Fri, 17 Jan 2014 13:18:48 +0000 (15:18 +0200)
committer Dmitry Kasatkin <d.kasatkin@samsung.com>
Fri, 17 Jan 2014 13:27:20 +0000 (15:27 +0200)
diff --git a/src/evmctl.c b/src/evmctl.c

index 77f3e36..f6d000e 100644 (file)
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1130,9 +1130,19 @@ static int get_file_type(const char *path, const char *search_type)
         return dts;
  }
  
+static int sign_ima_file(const char *file)
+{
+       char *key;
+
+       key = keyfile ? : "/etc/keys/privkey_evm.pem";
+
+       return sign_ima(file, key);
+}
+
  static int cmd_sign_ima(struct command *cmd)
  {
-       char *key, *file = g_argv[optind++];
+       char *file = g_argv[optind++];
+       int err, dts = REG_MASK; /* only regular files by default */
  
         if (!file) {
                 log_err("Parameters missing\n");
@@ -1140,10 +1150,18 @@ static int cmd_sign_ima(struct command *cmd)
                 return -1;
         }
  
-       key = keyfile ? : "/etc/keys/privkey_evm.pem";
-
-       return sign_ima(file, key);
+       if (recursive) {
+               if (search_type) {
+                       dts = get_file_type(file, search_type);
+                       if (dts < 0)
+                               return dts;
+               }
+               err = find(file, dts, sign_ima_file);
+       } else {
+               err = sign_ima_file(file);
+       }
  
+       return err;
  }
  
  static int sign_evm_path(const char *file)
author	Dmitry Kasatkin <d.kasatkin@samsung.com>
	Fri, 17 Jan 2014 13:18:48 +0000 (15:18 +0200)
committer	Dmitry Kasatkin <d.kasatkin@samsung.com>
	Fri, 17 Jan 2014 13:27:20 +0000 (15:27 +0200)