summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitry Kasatkin <dmitry.kasatkin@intel.com>2012-06-25 12:18:21 +0300
committerMimi Zohar <zohar@linux.vnet.ibm.com>2012-07-05 16:43:59 -0400
commit417c6c8ee2eb6975f357d8975af94ba5fbeaf82d (patch)
tree02af1e4363f415bfaa45c50a530cee78ecdf87b8
parent7ff2267af595e642f1009198ab49e86a239148fa (diff)
ima: audit is compiled only when enabled
IMA auditing code was compiled even when CONFIG_AUDIT was not enabled. This patch compiles auditing code only when possible and enabled. Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r--security/integrity/ima/Kconfig3
-rw-r--r--security/integrity/ima/Makefile3
-rw-r--r--security/integrity/ima/ima.h9
-rw-r--r--security/integrity/ima/ima_audit.c3
4 files changed, 13 insertions, 5 deletions
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 35664fe6daa1..b9c1219924f1 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -38,8 +38,9 @@ config IMA_MEASURE_PCR_IDX
measurement list. If unsure, use the default 10.
config IMA_AUDIT
- bool
+ bool "Enables auditing support"
depends on IMA
+ depends on AUDIT
default y
help
This option adds a kernel parameter 'ima_audit', which
diff --git a/security/integrity/ima/Makefile b/security/integrity/ima/Makefile
index 5690c021de8f..5f740f6971e1 100644
--- a/security/integrity/ima/Makefile
+++ b/security/integrity/ima/Makefile
@@ -6,4 +6,5 @@
obj-$(CONFIG_IMA) += ima.o
ima-y := ima_fs.o ima_queue.o ima_init.o ima_main.o ima_crypto.o ima_api.o \
- ima_policy.o ima_audit.o
+ ima_policy.o
+ima-$(CONFIG_IMA_AUDIT) += ima_audit.o
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3ccf7acac6df..e7c99fd0d223 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -61,10 +61,19 @@ struct ima_queue_entry {
};
extern struct list_head ima_measurements; /* list of all measurements */
+#ifdef CONFIG_IMA_AUDIT
/* declarations */
void integrity_audit_msg(int audit_msgno, struct inode *inode,
const unsigned char *fname, const char *op,
const char *cause, int result, int info);
+#else
+static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
+ const unsigned char *fname,
+ const char *op, const char *cause,
+ int result, int info)
+{
+}
+#endif
/* Internal IMA function definitions */
int ima_init(void);
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
index 21e96bf188df..7a57f6769e9c 100644
--- a/security/integrity/ima/ima_audit.c
+++ b/security/integrity/ima/ima_audit.c
@@ -17,8 +17,6 @@
static int ima_audit;
-#ifdef CONFIG_IMA_AUDIT
-
/* ima_audit_setup - enable informational auditing messages */
static int __init ima_audit_setup(char *str)
{
@@ -29,7 +27,6 @@ static int __init ima_audit_setup(char *str)
return 1;
}
__setup("ima_audit=", ima_audit_setup);
-#endif
void integrity_audit_msg(int audit_msgno, struct inode *inode,
const unsigned char *fname, const char *op,