plugins/ima.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

#include <sys/xattr.h>

#include <rpm/rpmfi.h>
#include <rpm/rpmte.h>
#include <rpm/rpmfiles.h>
#include <rpm/rpmtypes.h>
#include <rpmio/rpmstring.h>

#include "lib/rpmfs.h"
#include "lib/rpmplugin.h"
#include "lib/rpmte_internal.h"

#define XATTR_NAME_IMA "security.ima"

static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
{
	rpmfi fi = rpmteFI(te);
	const char *fpath;
	const unsigned char * fsig = NULL;
	size_t len;
	int rc = 0;

	if (fi == NULL) {
	    rc = RPMERR_BAD_MAGIC;
	    goto exit;
	}

	while (rpmfiNext(fi) >= 0) {
	    /* Don't install signatures for (mutable) config files */
	    if (!(rpmfiFFlags(fi) & RPMFILE_CONFIG)) {
		fpath = rpmfiFN(fi);
		fsig = rpmfiFSignature(fi, &len);
		if (fsig) {
		    lsetxattr(fpath, XATTR_NAME_IMA, fsig, len, 0);
		}
	    }
	}
exit:
	return rc;
}

struct rpmPluginHooks_s ima_hooks = {
	.psm_post = ima_psm_post,
};