ima: change ima_measurements_show() to display the entry specific pcr

IMA assumes that the same default Kconfig PCR is extended for each
entry. This patch replaces the default configured PCR with the policy
defined PCR.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 60d011aaec389dc26e77091e86455cd550892c64..c07a3844ea0a290efcee652b3212483e4e58f067 100644 (file)
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -123,7 +123,6 @@ static int ima_measurements_show(struct seq_file *m, void *v)
        struct ima_template_entry *e;
        char *template_name;
        int namelen;
-       u32 pcr = CONFIG_IMA_MEASURE_PCR_IDX;
        bool is_ima_template = false;
        int i;
 
@@ -137,10 +136,10 @@ static int ima_measurements_show(struct seq_file *m, void *v)
 
        /*
         * 1st: PCRIndex
-        * PCR used is always the same (config option) in
-        * little-endian format
+        * PCR used defaults to the same (config option) in
+        * little-endian format, unless set in policy
         */
-       ima_putc(m, &pcr, sizeof(pcr));
+       ima_putc(m, &e->pcr, sizeof(e->pcr));
 
        /* 2nd: template digest */
        ima_putc(m, e->digest, TPM_DIGEST_SIZE);
@@ -219,7 +218,7 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
            e->template_desc->name : e->template_desc->fmt;
 
        /* 1st: PCR used (config option) */
-       seq_printf(m, "%2d ", CONFIG_IMA_MEASURE_PCR_IDX);
+       seq_printf(m, "%2d ", e->pcr);
 
        /* 2nd: SHA1 template hash */
        ima_print_digest(m, e->digest, TPM_DIGEST_SIZE);