github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-11 16:13:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cdaedaba68
linux/security/integrity
History
Roberto Sassu 657a03ff6c ima: Fix return value of ima_write_policy() 
[ Upstream commit 2e3a34e9f4 ]

This patch fixes the return value of ima_write_policy() when a new policy
is directly passed to IMA and the current policy requires appraisal of the
file containing the policy. Currently, if appraisal is not in ENFORCE mode,
ima_write_policy() returns 0 and leads user space applications to an
endless loop. Fix this issue by denying the operation regardless of the
appraisal mode.

Cc: stable@vger.kernel.org # 4.10.x
Fixes: 19f8a84713 ("ima: measure and appraise the IMA policy itself")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-05-27 17:37:29 +02:00
..
evm evm: Check also if *tfm is an error pointer in init_desc() 2020-05-27 17:37:28 +02:00
ima ima: Fix return value of ima_write_policy() 2020-05-27 17:37:29 +02:00
digsig_asymmetric.c integrity: prevent deadlock during digsig verification. 2018-07-18 07:27:22 -04:00
digsig.c integrity/security: fix digsig.c build error with header file 2018-02-22 20:09:08 -08:00
iint.c integrity: silence warning when CONFIG_SECURITYFS is not enabled 2018-07-18 07:27:22 -04:00
integrity_audit.c ima: Use audit_log_format() rather than audit_log_string() 2018-07-18 07:27:22 -04:00
integrity.h ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set 2018-07-18 07:27:22 -04:00
Kconfig security: integrity: Remove select to deleted option PUBLIC_KEY_ALGO_RSA 2016-04-12 19:54:58 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00