Use libimaevm to check file state from console tool

Change-Id: I50fa7d6221a4fd7132bdc0406b1beb93161520b0
Signed-off-by: Janusz Kozerski <j.kozerski@samsung.com>

diff --git a/src/console/im-console.c b/src/console/im-console.c
index 843b83d..062437a 100644 (file)
--- a/src/console/im-console.c
+++ b/src/console/im-console.c
@@ -20,6 +20,7 @@
  * @brief
  */
 
+#include <imaevm.h>
 #include <ima-evm-server.h>
 
 #include <stdio.h>
@@ -60,11 +61,24 @@ void help ()
     printf("  \t\t\tThe state of IMA can be one of: dis|enf|ign|fix\n");
     printf("  \t\t\tThe state of EVM can be one of: dis|ena|fix\n");
     printf("  -g ima|evm\t\tGet state of IMA or EVM\n");
+    printf("  -f /path/to/file\tCheck state of file\n");
+    printf("  \t\t\tThis function doesn't use ima-evm-server.\n");
+    printf("  \t\t\tIt uses libima-evm directly - for security reason.\n");
     printf("  -p\t\t\tGet policy from the kernel\n");
     printf("  -l file\t\tLoad policy from the file into the kernel\n");
     printf("  \t\t\tThe signature of the policy should be present in location file.sig\n");
 }
 
+const char* file_state_to_str(int state)
+{
+    switch (state){
+    case FILE_STATE_OK:       return "OK";
+    case FILE_STATE_TAMPERED: return "Tampered";
+    case FILE_STATE_UNKNOWN:  return "Unknown";
+    default: return "Unknown";
+    }
+}
+
 int ima_state_to_server(const char* state)
 {
     if (strcmp(state, "dis") == 0)
@@ -191,6 +205,19 @@ int main (int argc, const char* argv[])
                 error(ret);
             }
             return 0;
+        case 'f':
+            i++;
+            if (i>=argc) {
+                few_args();
+                return 0;
+            }
+            ret = get_file_state(argv[i], &state);
+            if (LIB_SUCCESS != ret) {
+                error(ret);
+                return 0;
+            }
+            printf("%s\n", file_state_to_str(state));
+            return 0;
         default:
             inval();
             return 0;