-rw-r--r-- | src/libpts/plugins/imv_attestation/attest_db.c | 20 | ||||
-rwxr-xr-x[-rw-r--r--] | src/libpts/plugins/imv_attestation/build-database.sh | 7 |
2 files changed, 25 insertions, 2 deletions
diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c
index ebd660600..55afcab58 100644
--- a/src/libpts/plugins/imv_attestation/attest_db.c
+++ b/src/libpts/plugins/imv_attestation/attest_db.c
@@ -1248,6 +1248,25 @@ METHOD(attest_db_t, delete, bool,
 {
 bool success;
 
+ /* delete a file measurement hash for a given product */
+ if (this->algo && this->pid && this->fid)
+ {
+ success = this->db->execute(this->db, NULL,
+ "DELETE FROM file_hashes "
+ "WHERE algo = ? AND product = ? "
+ "AND file = ? AND directory = ?",
+ DB_UINT, this->algo, DB_UINT, this->pid,
+ DB_UINT, this->fid, DB_UINT, this->cid) > 0;
+
+ printf("%4d: %s%s%s\n", this->fid, this->dir, this->did ? "/":"",
+ this->file);
+ printf("%N value for product '%s' %sdeleted from database\n",
+ pts_meas_algorithm_names, this->algo, this->product,
+ success ? "" : "could not be ");
+
+ return success;
+ }
+
 if (this->pid && (this->fid || this->did))
 {
 printf("deletion of product/file entries not supported yet\n");
@@ -1370,7 +1389,6 @@ attest_db_t *attest_db_create(char *uri)
 .destroy = _destroy,
 },
 .dir = strdup(""),
- .algo = PTS_MEAS_ALGO_SHA256,
 .db = lib->db->create(lib->db, uri),
 );
 
diff --git a/src/libpts/plugins/imv_attestation/build-database.sh b/src/libpts/plugins/imv_attestation/build-database.sh
index 91c644c03..b24ad0252 100644..100755
--- a/src/libpts/plugins/imv_attestation/build-database.sh
+++ b/src/libpts/plugins/imv_attestation/build-database.sh
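Review bot: In the new DELETE branch the `directory = ?` placeholder is bound to `this->cid`, while the printf directly below uses `this->did` as the directory indicator and the guard tests neither field. The meaning of `cid` is not visible in this hunk, but if it is not the directory key the statement will match no row, or an unintended row, in `file_hashes`, which leaves the attestation reference set in a state the operator did not ask for; the bind probably should read `DB_UINT, this->fid, DB_UINT, this->did) > 0;`. The branch is also entered only when `this->algo` is non-zero, and the second hunk removes the `PTS_MEAS_ALGO_SHA256` default in `attest_db_create`, so the other methods that may have relied on that default deserve a check. The body of `delete` continues outside the hunk.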
@@ -233,4 +233,9 @@ ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/lib/xorg/mod
 ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/lib/xorg/modules/extensions
 ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/lib/xorg/modules/input
 ipsec attest --add --product "$p" --sha1-ima --relative --dir /usr/share/fonts/truetype/ubuntu-font-family
-
+ipsec attest --del --product "$p" --sha1 --file /lib/resolvconf/list-records
+ipsec attest --del --product "$p" --sha1-ima --file /lib/resolvconf/list-records
+ipsec attest --del --product "$p" --sha1 --file /usr/bin/lsb_release
+ipsec attest --del --product "$p" --sha1-ima --file /usr/bin/lsb_release
+ipsec attest --del --product "$p" --sha1 --file /usr/share/language-tools/language-options
+ipsec attest --del --product "$p" --sha1-ima --file /usr/share/language-tools/language-options |
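Review bot: The six `--del` calls at the end of the script are added without a comment saying why the reference hashes of these three files are taken out of the database again. Removing an entry from the reference set presumably changes how the verifier judges that file's measurement, so the reason should be recorded next to the calls, e.g. `# remove reference values for files whose content is not expected to match across installations (TODO: confirm reason)`. Whether a `--del` that matches nothing stops the script is not visible here; if the script does not run with error checking, a silent no-op delete would leave the stale hash in place.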