ima: remove usage of filename parameter

In all cases except ima_bprm_check() the filename was not defined
and ima_d_path() was used to find the full path.  Unfortunately,
the bprm filename is a relative pathname (eg. ./<dir>/filename).

ima_bprm_check() selects between bprm->interp and bprm->filename.
The following dump demonstrates the differences between using
filename and interp.

bprm->filename
 filename: ./foo.sh, pathname: /root/bin/foo.sh
 filename: ./foo.sh, pathname: /bin/dash

bprm->interp
 filename: ./foo.sh, pathname: /root/bin/foo.sh
 filename: /bin/sh, pathname: /bin/dash

In both cases the pathnames are currently the same.  This patch
removes usage of filename and interp in favor of d_absolute_path.

Changes v3:
- 11 extra bytes for "deleted" not needed (Mimi)
- purpose "replace relative bprm filename with full pathname" (Mimi)

Changes v2:
- use d_absolute_path() instead of d_path to work in chroot environments.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

1 files changed, 2 insertions, 3 deletions

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index d9cd5ce14d2b..65c41a968cc1 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -330,10 +330,9 @@ const char *ima_d_path(struct path *path, char **pathbuf)
 {
 	char *pathname = NULL;
 
-	/* We will allow 11 spaces for ' (deleted)' to be appended */
-	*pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
+	*pathbuf = kmalloc(PATH_MAX, GFP_KERNEL);
 	if (*pathbuf) {
-		pathname = d_path(path, *pathbuf, PATH_MAX + 11);
+		pathname = d_absolute_path(path, *pathbuf, PATH_MAX);
 		if (IS_ERR(pathname)) {
 			kfree(*pathbuf);
 			*pathbuf = NULL;