author | Linus Torvalds | 2013-02-25 15:45:29 -0800 |
---|---|---|
committer | Linus Torvalds | 2013-02-25 15:45:29 -0800 |
commit | f6d43b93bd07cf3e430f426ee8f1330cb8d5d8c9 (patch) | |
tree | 284d1fc1e6954b747eb3c68dcb77a704e9a6b579 | |
parent | c69d0a15d240a854f6d620ac7d5238a41883a920 (diff) | |
parent | 446d64e3e1154806092ac27de198dff1225797d9 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem fixes from James Morris:
"From Mimi:
Both of these patches are bug fixes for patches, which were
upstreamed in this open window. The first patch addresses a merge
issue. The second patch addresses a CONFIG_BLOCK dependency."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
block: fix part_pack_uuid() build error
ima: "remove enforce checking duplication" merge fix
-rw-r--r-- | include/linux/genhd.h | 10 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 3 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 11 |
3 files changed, 18 insertions, 6 deletions
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
index 79b8bba19363..9f3c275e053e 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -231,6 +231,12 @@ static inline void part_pack_uuid(const u8 *uuid_str, u8 *to)
 }
 }
+static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to)
+{
+ part_pack_uuid(uuid_str, to);
+ return 0;
+}
+
 static inline int disk_max_parts(struct gendisk *disk)
 {
 if (disk->flags & GENHD_FL_EXT_DEVT)
@@ -718,6 +724,10 @@ static inline dev_t blk_lookup_devt(const char *name, int partno)
 return devt;
 }
+static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to)
+{
+ return -EINVAL;
+}
 #endif /* CONFIG_BLOCK */
 #endif /* _LINUX_GENHD_H */
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 5127afcc4b89..5b14a0946d6e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -284,7 +284,8 @@ int ima_module_check(struct file *file)
 {
 if (!file) {
 #ifndef CONFIG_MODULE_SIG_FORCE
- if (ima_appraise & IMA_APPRAISE_MODULES)
+ if ((ima_appraise & IMA_APPRAISE_MODULES) &&
+ (ima_appraise & IMA_APPRAISE_ENFORCE))
 return -EACCES; /* INTEGRITY_UNKNOWN */
 #endif
 return 0; /* We rely on module signature checking */
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index b27535a13a79..399433ad614e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
 && rule->fsmagic != inode->i_sb->s_magic)
 return false;
 if ((rule->flags & IMA_FSUUID) &&
- memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
+ memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
 return false;
 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
 return false;
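Review bot: Neither definition of `blk_part_pack_uuid()` in genhd.h (the wrapper added after `part_pack_uuid()` and the stub added just before `#endif /* CONFIG_BLOCK */`) says what its return value means. As written it reports only whether block support is compiled in: the wrapper returns 0 unconditionally after calling the void `part_pack_uuid()`, so a caller cannot learn from it whether `uuid_str` was well formed. I would add a comment above the first definition, `/* Returns 0 once packed, -EINVAL when !CONFIG_BLOCK; uuid_str itself is not validated */`, so that callers which treat 0 as "valid UUID" are not misled.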
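Review bot: The comment on the fall-through `return 0; /* We rely on module signature checking */` in ima_module_check() no longer describes every path that reaches it. With the added `IMA_APPRAISE_ENFORCE` test, a NULL `file` with module appraisal configured but not enforcing also lands there, and that test is compiled only when CONFIG_MODULE_SIG_FORCE is unset, so nothing visible here guarantees that a signature check took place. I would reword it, for example `return 0; /* not enforcing, or module signature checking is forced */`, and consider whether the non-enforcing case should leave an integrity audit record so that such loads are visible while a policy is being trialled. The body of ima_module_check() continues past the end of the hunk.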
@@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
 ima_log_string(ab, "fsuuid", args[0].from);
 if (memchr_inv(entry->fsuuid, 0x00,
- sizeof(entry->fsuuid))) {
+ sizeof(entry->fsuuid))) {
 result = -EINVAL;
 break;
 }
- part_pack_uuid(args[0].from, entry->fsuuid);
- entry->flags |= IMA_FSUUID;
- result = 0;
+ result = blk_part_pack_uuid(args[0].from,
+ entry->fsuuid);
+ if (!result)
+ entry->flags |= IMA_FSUUID;
 break;
 case Opt_uid:
 ima_log_string(ab, "uid", args[0].from); |
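Review bot: `IMA_FSUUID` is still set for any `fsuuid=` value whenever CONFIG_BLOCK is enabled, because `blk_part_pack_uuid()` in the genhd.h hunk returns 0 without inspecting the string. A mistyped or truncated UUID in a policy rule is therefore accepted and, presumably, packed into a value that matches no filesystem, so the rule silently never applies; depending on how `part_pack_uuid()` walks its input (its body is not on this page), a short value may also be read past its end. A length check before the call, e.g. `if (strlen(args[0].from) != 36) { result = -EINVAL; break; }`, would reject these, assuming the canonical 36-character form is what `part_pack_uuid()` expects. The enclosing switch in ima_parse_rule() starts and ends outside the hunk.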