Add ima_set_policy_file function.

Function takes one parameter:
const char *policy_path - which is path to the policy file
Signature of the policy should exist in policy_path.sig file

Change-Id: I95b0166f5c53ecf7a7a0a35aa2e868ce13ab8709
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>

diff --git a/src/imaevm.h b/src/imaevm.h
index 3e60d76..d773617 100644 (file)
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -234,5 +234,6 @@ int evm_get_xattr(const char *path, char **hash);
 int ima_get_policy(char*** policy);
 int ima_free_policy(char **policy);
 int ima_set_policy(const char **policy, const char *policy_sig);
+int ima_set_policy_file(const char *policy_path);
 
 #endif

diff --git a/src/libimaevm.c b/src/libimaevm.c
index 8ada490..b9f6a47 100644 (file)
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -1229,6 +1229,42 @@ static int _ima_write_rule(int fd, const char *rule)
        return LIB_SUCCESS;
 }
 
+int ima_set_policy_file(const char *policy_path)
+{
+       int ret_code = LIB_SUCCESS;
+       int counter;
+       int len;
+       int ret;
+       int fd = -1;
+
+       if (!policy_path || policy_path[0] == '\0')
+               return LIB_ERROR_INPUT_PARAM;
+
+       /* open and write to kernel interface */
+       fd = open(IMA_POLICY_INTERFACE, O_WRONLY);
+       if (fd < 0) {
+               log_err("Cannot open kernel interface\n");
+               ret_code = LIB_ERROR_SYSCALL;
+               goto out;
+       }
+
+       counter = 0;
+       len = strlen(policy_path);
+       while (counter < len) {
+               ret = write(fd, &(policy_path[counter]), len - counter);
+               if (ret < 0) {
+                       log_err("Error while writing to the kernel interface\n");
+                       ret_code = LIB_ERROR_SYSCALL;
+                       goto out;
+               }
+               counter += ret;
+       }
+
+out:
+       if (fd > -1)
+               close(fd);
+       return ret_code;
+}
 
 int ima_set_policy(const char **policy, const char *policy_sig)
 {