Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1f100979 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

evm: prevent passing integrity check if xattr read fails 



This patch fixes a bug, where evm_verify_hmac() returns INTEGRITY_PASS
if inode->i_op->getxattr() returns an error in evm_find_protected_xattrs.

Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
parent e7d021e2

security/integrity/evm/evm_main.c

+4 −3
Original line number Diff line number Diff line
@@ -126,14 +126,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, 
	rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,

				GFP_NOFS);

	if (rc <= 0) {

		if (rc == 0)

			evm_status = INTEGRITY_FAIL; /* empty */

		else if (rc == -ENODATA) {

		evm_status = INTEGRITY_FAIL;

		if (rc == -ENODATA) {

			rc = evm_find_protected_xattrs(dentry);

			if (rc > 0)

				evm_status = INTEGRITY_NOLABEL;

			else if (rc == 0)

				evm_status = INTEGRITY_NOXATTRS; /* new file */

		} else if (rc == -EOPNOTSUPP) {

			evm_status = INTEGRITY_UNKNOWN;

		}

		goto out;

	}