From 1be543b4082c7cf516d11408abf35d1b3ec67254 Mon Sep 17 00:00:00 2001
|
|
From: Huaxin Lu <luhuaxin1@huawei.com>
|
|
Date: Mon, 29 Apr 2024 22:27:49 +0800
|
|
Subject: [PATCH 02/28] use fs interface to set measure action
|
|
|
|
---
|
|
src/core/dim_core_fs.c | 11 +++++++++++
|
|
src/core/dim_core_main.c | 4 ----
|
|
src/core/dim_core_measure.c | 17 +++++++++++++++++
|
|
src/core/dim_core_measure.h | 9 ++++++++-
|
|
.../dim_core_measure_process.c | 3 ++-
|
|
5 files changed, 38 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/core/dim_core_fs.c b/src/core/dim_core_fs.c
|
|
index 4d6bdd4..4a82e53 100644
|
|
--- a/src/core/dim_core_fs.c
|
|
+++ b/src/core/dim_core_fs.c
|
|
@@ -53,6 +53,16 @@ dim_string_print_entry(dim_status, runtime_status, dim_core_status_print);
|
|
dim_uint_rw_entry(dim_interval, interval, dim_core_interval_get,
|
|
dim_core_interval_set);
|
|
|
|
+/*
|
|
+ * measure action set and read interface
|
|
+ * dim_entry struct: dim_tampered_action_entry
|
|
+ * file entry name: tampered_action
|
|
+ * read function: dim_core_measure_action_get
|
|
+ * write function: dim_core_measure_action_set
|
|
+ */
|
|
+dim_uint_rw_entry(dim_tampered_action, tampered_action,
|
|
+ dim_core_measure_action_get, dim_core_measure_action_set);
|
|
+
|
|
/*
|
|
* dim directory
|
|
*/
|
|
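Review bot: The new `tampered_action` entry makes the tamper response switchable at runtime, and the comment above `dim_uint_rw_entry(dim_tampered_action, ...)` does not say which values are accepted or who may write them. Before this patch the setting was a load-time module parameter registered with permission 0 (see the lines removed from dim_core_main.c), so anyone able to write this file can now turn the action off after load. The file mode comes from the `dim_uint_rw_entry` macro, which is outside this hunk; please confirm it is root-only and extend the comment with a line such as `* values: 0 = disable, 1 = enable; writable by root only`.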
@@ -69,6 +79,7 @@ static struct dim_entry *dim_core_files[] = {
|
|
&dim_measure_log_entry,
|
|
&dim_status_entry,
|
|
&dim_interval_entry,
|
|
+ &dim_tampered_action_entry,
|
|
};
|
|
|
|
void dim_core_destroy_fs(void)
|
|
diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
|
|
index c62fa09..de18d66 100644
|
|
--- a/src/core/dim_core_main.c
|
|
+++ b/src/core/dim_core_main.c
|
|
@@ -33,15 +33,11 @@ MODULE_PARM_DESC(measure_pcr, "TPM PCR index to extend measure log");
|
|
|
|
/* special measurement configuration for dim_core */
|
|
static unsigned int measure_interval = 0;
|
|
-bool dim_core_measure_action_enabled = 0;
|
|
static bool signature = false;
|
|
|
|
module_param(measure_interval, uint, 0);
|
|
MODULE_PARM_DESC(measure_interval, "Interval time (min) for automatic measurement");
|
|
|
|
-module_param_named(measure_action, dim_core_measure_action_enabled, bool, 0);
|
|
-MODULE_PARM_DESC(signature, "Enable actions when tampering detected");
|
|
-
|
|
module_param(signature, bool, 0);
|
|
MODULE_PARM_DESC(signature, "Require signature for policy and static baseline");
|
|
|
|
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
|
index f5b378c..6b8cd49 100644
|
|
--- a/src/core/dim_core_measure.c
|
|
+++ b/src/core/dim_core_measure.c
|
|
@@ -32,6 +32,7 @@ static struct work_struct dim_baseline_work;
|
|
|
|
/* special measurement parameters for dim_core */
|
|
static atomic_t measure_interval = ATOMIC_INIT(0);
|
|
+static atomic_t measure_action = ATOMIC_INIT(0);
|
|
|
|
/* interface to print measure status string */
|
|
const char *dim_core_status_print(void)
|
|
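Review bot: `measure_action` is initialised with a bare `0`; `ATOMIC_INIT(DIM_MEASURE_ACTION_DISABLE)` would tie the default to the enum this patch adds in dim_core_measure.h. With the `measure_action` module parameter removed, the setting starts disabled on every load and stays disabled until something writes `tampered_action`, so tampering found in that window returns early from check_process_digest without the action being taken. A comment stating the default, e.g. `/* tampered action: disabled until set through the tampered_action file */`, would make this visible to whoever deploys the module.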
@@ -39,6 +40,22 @@ const char *dim_core_status_print(void)
|
|
return dim_measure_status_print(&dim_core_handle);
|
|
}
|
|
|
|
+/* interface to get tampered action */
|
|
+long dim_core_measure_action_get(void)
|
|
+{
|
|
+ return atomic_read(&measure_action);
|
|
+}
|
|
+
|
|
+/* interface to set measure action */
|
|
+int dim_core_measure_action_set(unsigned int act)
|
|
+{
|
|
+ if (act >= DIM_MEASURE_ACTION_MAX)
|
|
+ return -ERANGE;
|
|
+
|
|
+ atomic_set(&measure_action, act);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
/* interface to get measure interval */
|
|
long dim_core_interval_get(void)
|
|
{
|
|
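Review bot: `dim_core_measure_action_set` changes a security-relevant setting without leaving any record, so an action that was disabled at runtime cannot later be told apart from one that was never enabled. Consider recording the transition, e.g. `int old = atomic_xchg(&measure_action, act);` followed by `if (old != (int)act) pr_notice("dim_core: tampered action changed from %d to %u\n", old, act);`, or the same through the project's own log helper. The two new comments also use different names for the same setting ("tampered action" on the getter, "measure action" on the setter); one term should be used for both. dim_core_interval_get at the end of the hunk continues outside it.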
diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
|
|
index 3522ba0..a91d0b3 100644
|
|
--- a/src/core/dim_core_measure.h
|
|
+++ b/src/core/dim_core_measure.h
|
|
@@ -16,7 +16,12 @@
|
|
#define DIM_MINUTE_TO_SEC (60UL)
|
|
#define DIM_MINUTE_TO_NSEC (60UL * 1000 * 1000 * 1000)
|
|
|
|
-extern bool dim_core_measure_action_enabled;
|
|
+enum dim_measure_action {
|
|
+ DIM_MEASURE_ACTION_DISABLE,
|
|
+ DIM_MEASURE_ACTION_ENABLE,
|
|
+ DIM_MEASURE_ACTION_MAX,
|
|
+};
|
|
+
|
|
extern struct dim_measure dim_core_handle;
|
|
|
|
/* global init and destroy */
|
|
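Review bot: The numeric values of `enum dim_measure_action` are what gets written to and read from the `tampered_action` file, but nothing in the declaration says so. Writing them out as `DIM_MEASURE_ACTION_DISABLE = 0,` and `DIM_MEASURE_ACTION_ENABLE = 1,` would keep a later reordering from silently changing the meaning of a value that existing scripts write. A one-line comment should also say that `DIM_MEASURE_ACTION_MAX` is only the upper bound checked in dim_core_measure_action_set.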
@@ -25,6 +30,8 @@ void dim_core_measure_destroy(void);
|
|
|
|
/* control function for measurement parameters */
|
|
const char *dim_core_status_print(void);
|
|
+long dim_core_measure_action_get(void);
|
|
+int dim_core_measure_action_set(unsigned int act);
|
|
long dim_core_interval_get(void);
|
|
int dim_core_interval_set(unsigned int p);
|
|
long dim_core_tampered_action_get(void);
|
|
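Review bot: The context line `long dim_core_tampered_action_get(void);` stays in place next to the new `dim_core_measure_action_get` prototype, and no function of that name is defined or called anywhere in this patch. If it has no definition elsewhere, it is a stale declaration and should be dropped here so the header carries a single name for this setting. The declaration list continues beyond the hunk.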
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
|
index 8522085..643b661 100644
|
|
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
|
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
|
@@ -134,7 +134,8 @@ static int check_process_digest(struct dim_digest *digest,
|
|
return ret;
|
|
}
|
|
|
|
- if (log_flag != LOG_TAMPERED || !dim_core_measure_action_enabled)
|
|
+ if (log_flag != LOG_TAMPERED ||
|
|
+ dim_core_measure_action_get() == DIM_MEASURE_ACTION_DISABLE)
|
|
return 0;
|
|
|
|
/* now the process is tampered, check if action need to be taken */
|
|
--
|
|
2.33.0
|
|
|