backport-use-fs-interface-to-set-measure-action.patch 4.80 KB
From 1be543b4082c7cf516d11408abf35d1b3ec67254 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Mon, 29 Apr 2024 22:27:49 +0800
Subject: [PATCH 02/28] use fs interface to set measure action
---
src/core/dim_core_fs.c | 11 +++++++++++
src/core/dim_core_main.c | 4 ----
src/core/dim_core_measure.c | 17 +++++++++++++++++
src/core/dim_core_measure.h | 9 ++++++++-
.../dim_core_measure_process.c | 3 ++-
5 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/src/core/dim_core_fs.c b/src/core/dim_core_fs.c
index 4d6bdd4..4a82e53 100644
--- a/src/core/dim_core_fs.c
+++ b/src/core/dim_core_fs.c
@@ -53,6 +53,16 @@ dim_string_print_entry(dim_status, runtime_status, dim_core_status_print);
dim_uint_rw_entry(dim_interval, interval, dim_core_interval_get,
dim_core_interval_set);
+/*
+ * measure action set and read interface
+ * dim_entry struct: dim_tampered_action_entry
+ * file entry name: tampered_action
+ * read function: dim_core_measure_action_get
+ * write function: dim_core_measure_action_set
+ */
+dim_uint_rw_entry(dim_tampered_action, tampered_action,
+ dim_core_measure_action_get, dim_core_measure_action_set);
+
/*
* dim directory
*/
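Review bot: The comment above `dim_uint_rw_entry(dim_tampered_action, ...)` lists names but not the security consequence: this entry makes the tamper response switchable at runtime, whereas the removed `module_param_named(measure_action, ..., bool, 0)` in dim_core_main.c had permission 0 and could only be set at load time. The file mode and any privilege check come from the `dim_uint_rw_entry` macro, which is outside this hunk, so it is worth confirming the entry is writable by root only and saying so in the comment, e.g. `* security: writing 0 disables the action taken on tampered processes; root-only`. The comment title also says "measure action" while the file is named `tampered_action`; a single term would be easier to search for.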
@@ -69,6 +79,7 @@ static struct dim_entry *dim_core_files[] = {
&dim_measure_log_entry,
&dim_status_entry,
&dim_interval_entry,
+ &dim_tampered_action_entry,
};
void dim_core_destroy_fs(void)
diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
index c62fa09..de18d66 100644
--- a/src/core/dim_core_main.c
+++ b/src/core/dim_core_main.c
@@ -33,15 +33,11 @@ MODULE_PARM_DESC(measure_pcr, "TPM PCR index to extend measure log");
/* special measurement configuration for dim_core */
static unsigned int measure_interval = 0;
-bool dim_core_measure_action_enabled = 0;
static bool signature = false;
module_param(measure_interval, uint, 0);
MODULE_PARM_DESC(measure_interval, "Interval time (min) for automatic measurement");
-module_param_named(measure_action, dim_core_measure_action_enabled, bool, 0);
-MODULE_PARM_DESC(signature, "Enable actions when tampering detected");
-
module_param(signature, bool, 0);
MODULE_PARM_DESC(signature, "Require signature for policy and static baseline");
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
index f5b378c..6b8cd49 100644
--- a/src/core/dim_core_measure.c
+++ b/src/core/dim_core_measure.c
@@ -32,6 +32,7 @@ static struct work_struct dim_baseline_work;
/* special measurement parameters for dim_core */
static atomic_t measure_interval = ATOMIC_INIT(0);
+static atomic_t measure_action = ATOMIC_INIT(0);
/* interface to print measure status string */
const char *dim_core_status_print(void)
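Review bot: `measure_action` starts at `ATOMIC_INIT(0)` and this commit removes the only load-time way to enable it, so from module load until userspace writes the `tampered_action` file a tampered process is logged but no action is taken. A deployment that still passes `measure_action=1` at load would, as far as I can tell from the kernel's usual handling of unknown module parameters, get a warning rather than a load failure and run with the action off. If that window matters, keep a load-time default that seeds this atomic. In any case write the initial value as `ATOMIC_INIT(DIM_MEASURE_ACTION_DISABLE)` so the default is readable without knowing the enum order.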
@@ -39,6 +40,22 @@ const char *dim_core_status_print(void)
return dim_measure_status_print(&dim_core_handle);
}
+/* interface to get tampered action */
+long dim_core_measure_action_get(void)
+{
+ return atomic_read(&measure_action);
+}
+
+/* interface to set measure action */
+int dim_core_measure_action_set(unsigned int act)
+{
+ if (act >= DIM_MEASURE_ACTION_MAX)
+ return -ERANGE;
+
+ atomic_set(&measure_action, act);
+ return 0;
+}
+
/* interface to get measure interval */
long dim_core_interval_get(void)
{
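Review bot: `dim_core_measure_action_set()` changes a security control without leaving any trace, so a write that turns the tamper action off is indistinguishable afterwards from the action never having been enabled. Logging the transition after the range check, for example `pr_notice("dim_core: tampered action set to %u\n", act);` or the project's own log helper, gives responders something to correlate against. The two comments also disagree (`get tampered action` / `set measure action`); use one name in both. Both new functions are complete within the hunk.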
diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
index 3522ba0..a91d0b3 100644
--- a/src/core/dim_core_measure.h
+++ b/src/core/dim_core_measure.h
@@ -16,7 +16,12 @@
#define DIM_MINUTE_TO_SEC (60UL)
#define DIM_MINUTE_TO_NSEC (60UL * 1000 * 1000 * 1000)
-extern bool dim_core_measure_action_enabled;
+enum dim_measure_action {
+ DIM_MEASURE_ACTION_DISABLE,
+ DIM_MEASURE_ACTION_ENABLE,
+ DIM_MEASURE_ACTION_MAX,
+};
+
extern struct dim_measure dim_core_handle;
/* global init and destroy */
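Review bot: The values of `enum dim_measure_action` are now what userspace writes to the `tampered_action` file, so they are interface rather than internal constants, yet they rely on implicit numbering. Pinning them as `DIM_MEASURE_ACTION_DISABLE = 0,` and `DIM_MEASURE_ACTION_ENABLE = 1,`, with a one-line comment that `DIM_MEASURE_ACTION_MAX` is a bound and not a settable value, keeps a later insertion from silently changing what a written 0 or 1 means.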
@@ -25,6 +30,8 @@ void dim_core_measure_destroy(void);
/* control function for measurement parameters */
const char *dim_core_status_print(void);
+long dim_core_measure_action_get(void);
+int dim_core_measure_action_set(unsigned int act);
long dim_core_interval_get(void);
int dim_core_interval_set(unsigned int p);
long dim_core_tampered_action_get(void);
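Review bot: The context line `long dim_core_tampered_action_get(void);` stays in the header next to the new `dim_core_measure_action_get`/`dim_core_measure_action_set` prototypes, and nothing in this patch defines or calls it. If it is a leftover from an earlier naming, drop it or rename the new functions to match, since the fs entry is also called `tampered_action`. Whether another file defines it is not visible here.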
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
index 8522085..643b661 100644
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
@@ -134,7 +134,8 @@ static int check_process_digest(struct dim_digest *digest,
return ret;
}
- if (log_flag != LOG_TAMPERED || !dim_core_measure_action_enabled)
+ if (log_flag != LOG_TAMPERED ||
+ dim_core_measure_action_get() == DIM_MEASURE_ACTION_DISABLE)
return 0;
/* now the process is tampered, check if action need to be taken */
--
2.33.0