linux/security/integrity/ima
Roberto Sassu 657a03ff6c ima: Fix return value of ima_write_policy()
[ Upstream commit 2e3a34e9f4 ]

This patch fixes the return value of ima_write_policy() when a new policy
is directly passed to IMA and the current policy requires appraisal of the
file containing the policy. Currently, if appraisal is not in ENFORCE mode,
ima_write_policy() returns 0 and leads user space applications to an
endless loop. Fix this issue by denying the operation regardless of the
appraisal mode.

Cc: stable@vger.kernel.org # 4.10.x
Fixes: 19f8a84713 ("ima: measure and appraise the IMA policy itself")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-05-27 17:37:29 +02:00
ima_api.c audit: use inline function to get audit context 2018-05-14 17:24:18 -04:00
ima_appraise.c IMA: don't propagate opened through the entire thing 2018-07-12 10:04:19 -04:00
ima_crypto.c ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() 2020-05-27 17:37:28 +02:00
ima_fs.c ima: Fix return value of ima_write_policy() 2020-05-27 17:37:29 +02:00
ima_init.c ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL instead 2018-07-28 17:03:11 +03:00
ima_kexec.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_main.c Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-08-15 10:25:26 -07:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c ima: show rules with IMA_INMASK correctly 2019-06-09 09:17:21 +02:00
ima_queue.c ima: Get rid of ima_used_chip and use ima_tpm_chip != NULL instead 2018-07-28 17:03:11 +03:00
ima_template_lib.c ima: Unify logging 2018-05-17 07:49:12 -04:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c ima: Fix line continuation format 2017-12-18 09:43:47 -05:00
ima.h Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-08-15 22:51:12 -07:00
Kconfig ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set 2018-07-18 07:27:22 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00