Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a3bcaf6 authored Jun 04, 2018 by Stefan Berger Committed by Mimi Zohar Jul 18, 2018

ima: Call audit_log_string() rather than logging it untrusted



The parameters passed to this logging function are all provided by
a privileged user and therefore we can call audit_log_string()
rather than audit_log_untrustedstring().

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Suggested-by: Steve Grubb <sgrubb@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent 87ea5843

security/integrity/ima/ima_policy.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -663,7 +663,7 @@ static void ima_log_string_op(struct audit_buffer ab, char key, char *value,
	audit_log_format(ab, "%s<", key);		audit_log_format(ab, "%s<", key);
	else		else
	audit_log_format(ab, "%s=", key);		audit_log_format(ab, "%s=", key);
	audit_log_untrustedstring(ab, value);		audit_log_string(ab, value);
	audit_log_format(ab, " ");		audit_log_format(ab, " ");
	}		}
	static void ima_log_string(struct audit_buffer ab, char key, char *value)		static void ima_log_string(struct audit_buffer ab, char key, char *value)