integrity: path_check update (b9fc745d) · Commits · e / devices / android_kernel_fairphone_FP4

fs/exec.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -130,7 +130,8 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)
		MAY_READ \| MAY_EXEC \| MAY_OPEN);
		if (error)
		goto exit;
		error = ima_path_check(&nd.path, MAY_READ \| MAY_EXEC \| MAY_OPEN);
		error = ima_path_check(&nd.path, MAY_READ \| MAY_EXEC \| MAY_OPEN,
		IMA_COUNT_UPDATE);
		if (error)
		goto exit;

		@@ -680,7 +681,7 @@ struct file open_exec(const char name)
		err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC \| MAY_OPEN);
		if (err)
		goto out_path_put;
		err = ima_path_check(&nd.path, MAY_EXEC \| MAY_OPEN);
		err = ima_path_check(&nd.path, MAY_EXEC \| MAY_OPEN, IMA_COUNT_UPDATE);
		if (err)
		goto out_path_put;

+4 −2

Original line number	Diff line number	Diff line
		@@ -853,7 +853,8 @@ static int __link_path_walk(const char name, struct nameidata nd)
		err = inode_permission(nd->path.dentry->d_inode,
		MAY_EXEC);
		if (!err)
		err = ima_path_check(&nd->path, MAY_EXEC);
		err = ima_path_check(&nd->path, MAY_EXEC,
		IMA_COUNT_UPDATE);
		if (err)
		break;

		@@ -1515,7 +1516,8 @@ int may_open(struct path *path, int acc_mode, int flag)
		return error;

		error = ima_path_check(path,
		acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC));
		acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC),
		IMA_COUNT_UPDATE);
		if (error)
		return error;
		/*

+7 −4

Original line number	Diff line number	Diff line
		@@ -13,14 +13,17 @@
		#include <linux/fs.h>
		struct linux_binprm;

		#define IMA_COUNT_UPDATE 1
		#define IMA_COUNT_LEAVE 0

		#ifdef CONFIG_IMA
		extern int ima_bprm_check(struct linux_binprm *bprm);
		extern int ima_inode_alloc(struct inode *inode);
		extern void ima_inode_free(struct inode *inode);
		extern int ima_path_check(struct path *path, int mask);
		extern int ima_path_check(struct path *path, int mask, int update_counts);
		extern void ima_file_free(struct file *file);
		extern int ima_file_mmap(struct file *file, unsigned long prot);
		extern void ima_shm_check(struct file *file);
		extern void ima_counts_get(struct file *file);

		#else
		static inline int ima_bprm_check(struct linux_binprm *bprm)
		@@ -38,7 +41,7 @@ static inline void ima_inode_free(struct inode *inode)
		return;
		}

		static inline int ima_path_check(struct path *path, int mask)
		static inline int ima_path_check(struct path *path, int mask, int update_counts)
		{
		return 0;
		}
		@@ -53,7 +56,7 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
		return 0;
		}

		static inline void ima_shm_check(struct file *file)
		static inline void ima_counts_get(struct file *file)
		{
		return;
		}

+2 −2

Original line number	Diff line number	Diff line
		@@ -384,7 +384,7 @@ static int newseg(struct ipc_namespace ns, struct ipc_params params)
		error = PTR_ERR(file);
		if (IS_ERR(file))
		goto no_file;
		ima_shm_check(file);
		ima_counts_get(file);

		id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
		if (id < 0) {
		@@ -891,7 +891,7 @@ long do_shmat(int shmid, char __user shmaddr, int shmflg, ulong raddr)
		file = alloc_file(path.mnt, path.dentry, f_mode, &shm_file_operations);
		if (!file)
		goto out_free;
		ima_shm_check(file);
		ima_counts_get(file);

		file->private_data = sfd;
		file->f_mapping = shp->shm_file->f_mapping;

+1 −1

Original line number	Diff line number	Diff line
		@@ -2684,7 +2684,7 @@ int shmem_zero_setup(struct vm_area_struct *vma)
		if (IS_ERR(file))
		return PTR_ERR(file);

		ima_shm_check(file);
		ima_counts_get(file);
		if (vma->vm_file)
		fput(vma->vm_file);
		vma->vm_file = file;