build-sys: use #if Y instead of #ifdef Y everywhere

[thirdparty/systemd.git] / src / core / ima-setup.c

diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
index 4f42ae6f31b62606ef42684df68b4bb8a19122fc..1aaae9f49ea6b9ed05c5e88965a50fcd8cf83ad4 100644 (file)
--- a/src/core/ima-setup.c
+++ b/src/core/ima-setup.c
@@ -1,11 +1,9 @@
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
 /***
   This file is part of systemd.
 
   Copyright 2010 Lennart Poettering
   Copyright (C) 2012 Roberto Sassu - Politecnico di Torino, Italy
-                                     TORSEC group -- http://security.polito.it
+                                     TORSEC group — http://security.polito.it
 
   systemd is free software; you can redistribute it and/or modify it
   under the terms of the GNU Lesser General Public License as published by
@@ -35,7 +33,7 @@
 #define IMA_POLICY_PATH "/etc/ima/ima-policy"
 
 int ima_setup(void) {
-#ifdef HAVE_IMA
+#if HAVE_IMA
         _cleanup_fclose_ FILE *input = NULL;
         _cleanup_close_ int imafd = -1;
         unsigned lineno = 0;
@@ -46,18 +44,35 @@ int ima_setup(void) {
                 return 0;
         }
 
-        input = fopen(IMA_POLICY_PATH, "re");
-        if (!input) {
-                log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, errno,
-                               "Failed to open the IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
+        if (access(IMA_SECFS_POLICY, W_OK) < 0) {
+                log_warning("Another IMA custom policy has already been loaded, ignoring.");
                 return 0;
         }
 
-        if (access(IMA_SECFS_POLICY, F_OK) < 0) {
-                log_warning("Another IMA custom policy has already been loaded, ignoring.");
+        if (access(IMA_POLICY_PATH, F_OK) < 0) {
+                log_debug("No IMA custom policy file "IMA_POLICY_PATH", ignoring.");
+                return 0;
+        }
+
+        imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
+        if (imafd < 0) {
+                log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
                 return 0;
         }
 
+        /* attempt to write the name of the policy file into sysfs file */
+        if (write(imafd, IMA_POLICY_PATH, strlen(IMA_POLICY_PATH)) > 0)
+                goto done;
+
+        /* fall back to copying the policy line-by-line */
+        input = fopen(IMA_POLICY_PATH, "re");
+        if (!input) {
+                log_warning_errno(errno, "Failed to open the IMA custom policy file "IMA_POLICY_PATH", ignoring: %m");
+                return 0;
+        }
+
+        close(imafd);
+
         imafd = open(IMA_SECFS_POLICY, O_WRONLY|O_CLOEXEC);
         if (imafd < 0) {
                 log_error_errno(errno, "Failed to open the IMA kernel interface "IMA_SECFS_POLICY", ignoring: %m");
@@ -76,6 +91,7 @@ int ima_setup(void) {
                                                lineno);
         }
 
+done:
         log_info("Successfully loaded the IMA custom policy "IMA_POLICY_PATH".");
 #endif /* HAVE_IMA */
         return 0;