Add get_file_state function 54/28554/1
authorZbigniew Jasinski <z.jasinski@samsung.com>
Wed, 7 May 2014 15:00:52 +0000 (17:00 +0200)
committerJanusz Kozerski <j.kozerski@samsung.com>
Thu, 9 Oct 2014 14:30:32 +0000 (16:30 +0200)
With this function you can check whether a file has been tampered with or is OK.
The function takes the file path as its first parameter.
The file state is returned through the second parameter.

Change-Id: I1e6713f801954a788105db78f974e3bbe13c562d
Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
src/imaevm.h
src/libimaevm.c

index d1f8704..d203eb1 100644 (file)
@@ -205,6 +205,7 @@ int verify_hash(const unsigned char *hash, int size, unsigned char *sig, int sig
 int ima_verify_signature(const char *file, unsigned char *sig, int siglen);
 
 //IMA EVM API
+
 enum lib_retval {
        LIB_SUCCESS,
        LIB_ERROR_UNKNOWN,
@@ -227,6 +228,12 @@ enum evm_state {
        EVM_STATE_FIX
 };
 
+enum file_state {
+       FILE_STATE_OK,
+       FILE_STATE_TAMPERED,
+       FILE_STATE_UNKNOWN
+};
+
 int ima_get_state(int *state);
 int ima_set_state(int state);
 int evm_get_state(int *state);
@@ -235,6 +242,7 @@ int ima_set_xattr(const char *path);
 int ima_get_xattr(const char *path, char **hash);
 int evm_set_xattr(const char *path, const char *evm);
 int evm_get_xattr(const char *path, char **hash);
+int get_file_state(const char *path, int *state);
 
 int ima_get_policy(char*** policy);
 int ima_free_policy(char **policy);
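Review bot: The new prototype `int get_file_state(const char *path, int *state);` and `enum file_state` carry no comment stating the contract, and the contract is not obvious from the names. Going by the implementation in the second file, `FILE_STATE_OK` is reported whenever `fopen(path)` succeeds, and the IMA measurement list is consulted only when the open fails with EACCES or EPERM. The result therefore presumably depends on IMA appraisal being enforced by the kernel. I would add above the prototype: `/* Sets *state to an enum file_state value. FILE_STATE_OK only means the file could be opened for reading; it is a meaningful integrity verdict only while IMA appraisal is enforcing. */`. Since `FILE_STATE_OK` is the zero enumerator, it is also worth telling callers to check the return value before reading `*state`.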
index a5919f9..99c5ac8 100644 (file)
@@ -1393,3 +1393,61 @@ out:
        }
        return ret_code;
 }
+
+#define IMA_MEASURE_PATH       "/sys/kernel/security/ima/ascii_runtime_measurements"
+#define IMA_TAMPERED_STATE      0x0001
+
+ int get_file_state(const char *path, int *state)
+{
+       char line[256];
+       FILE *fp;
+       char *fileState = NULL;
+       char *token = NULL;
+       int found = 0;
+       *state = FILE_STATE_UNKNOWN;
+
+       if (!path || !state) {
+               log_err("Error input param\n");
+               return LIB_ERROR_INPUT_PARAM;
+       }
+
+       fp = fopen(path, "r");
+       if (NULL == fp) {
+               if (errno != EACCES && errno != EPERM) {
+                       *state = FILE_STATE_UNKNOWN;
+                       goto out;
+               }
+               fp = fopen(IMA_MEASURE_PATH, "r");
+               if (NULL == fp) {
+                       log_err("Unable to open file\n");
+                       return LIB_ERROR_SYSCALL;
+               }
+               while (fgets(line, sizeof line, fp) != NULL) {
+                       token = strtok(line, " ");
+                       while ((token = strtok(NULL, " "))) {
+                               if (!strcmp(path, token)) {
+                                       found = 1;
+                                       break;
+                               }
+                       }
+                       if (found) {
+                               token = strtok(NULL, " ");
+                               while (NULL != token) {
+                                       fileState = token;
+                                       token = strtok(NULL, " ");
+                               }
+                               if (atoi(fileState) & IMA_TAMPERED_STATE) {
+                                       *state = FILE_STATE_TAMPERED;
+                                       goto out;
+                               }
+                       }
+               }
+       }
+       else
+               *state = FILE_STATE_OK;
+
+out:
+       if (fp)
+               fclose(fp);
+       return LIB_SUCCESS;
+}
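Review bot: `*state = FILE_STATE_UNKNOWN;` sits among the declarations, ahead of the `if (!path || !state)` guard, so a NULL `state` is dereferenced before the guard can reject it; the assignment belongs after the check. In the measurement-list loop `found` and `fileState` are never reset per line, so once one line has matched without the tampered bit, every later line enters the `if (found)` branch and `atoi(fileState)` reads a pointer into a `line` buffer that `fgets` has since overwritten. `fileState` is also still NULL when the matching path is the last field of its line. Because the output is an integrity verdict, a stale field can mark the wrong file TAMPERED; the 256-byte `line` and the space-delimited `strtok` split will additionally mis-parse long paths and paths containing spaces. The fence shows the minimal change for the first two points.

```c
int get_file_state(const char *path, int *state)
{
        /* … unchanged: local declarations, without `int found = 0;` and the early `*state` write … */

        if (!path || !state) {
                log_err("Error input param\n");
                return LIB_ERROR_INPUT_PARAM;
        }
        *state = FILE_STATE_UNKNOWN;

        /* … unchanged: fopen(path), errno check, fopen(IMA_MEASURE_PATH) … */
                while (fgets(line, sizeof line, fp) != NULL) {
                        int found = 0;  /* per line, so a match cannot leak into later lines */

                        fileState = NULL;
                        token = strtok(line, " ");
                        /* … unchanged: inner strtok loop that sets found … */
                        if (!found)
                                continue;
                        while ((token = strtok(NULL, " ")) != NULL)
                                fileState = token;
                        if (fileState && (atoi(fileState) & IMA_TAMPERED_STATE)) {
                                *state = FILE_STATE_TAMPERED;
                                goto out;
                        }
                }
        /* … unchanged: else branch and out: cleanup … */
```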