
Commit 20f482ab authored by Lans Zhang, committed by Mimi Zohar

ima: allow to check MAY_APPEND



Otherwise some mask and inmask tokens with MAY_APPEND flag may not work
as expected.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
parent bc15ed66
+2 −1
@@ -157,7 +157,8 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
/**
 * ima_get_action - appraise & measure decision based on policy.
 * @inode: pointer to inode to measure
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
 * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,
 *        MAY_APPEND)
 * @func: caller identifier
 * @pcr: pointer filled in if matched measure policy sets pcr=
 *
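Review bot: the @mask line for ima_get_action also changes MAY_EXECUTE to MAY_EXEC, and the commit message does not mention that. The subject only talks about MAY_APPEND, so add a sentence saying the old name was a documentation error. This hunk touches the comment only, so the message should also state whether ima_get_action needed no code change to honour MAY_APPEND.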
+3 −3
@@ -309,7 +309,7 @@ int ima_bprm_check(struct linux_binprm *bprm)
/**
 * ima_path_check - based on policy, collect/store measurement.
 * @file: pointer to the file to be measured
 * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE
 * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND
 *
 * Measure files based on the ima_must_measure() policy decision.
 *
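Review bot: the kernel-doc block edited here is still titled ima_path_check, while the function that follows it is ima_file_check. Since the @mask line is being rewritten anyway, rename the header to match the function. The block also lists only @file and @mask, so an @opened entry for the third parameter is missing and could be added in the same pass.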
@@ -319,8 +319,8 @@ int ima_bprm_check(struct linux_binprm *bprm)
int ima_file_check(struct file *file, int mask, int opened)
{
	return process_measurement(file, NULL, 0,
				   mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
				   FILE_CHECK, opened);
				   mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
					   MAY_APPEND), FILE_CHECK, opened);
}
EXPORT_SYMBOL_GPL(ima_file_check);
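Review bot: in ima_file_check the accepted flag set is now written out in three places, this mask expression and the two @mask comments, and the comments had already drifted from the code (MAY_EXECUTE). Consider one named mask (for example a hypothetical IMA_FILE_CHECK_MASK) used in the `mask & (...)` expression and referenced from the comments, so a future flag is added once. The commit message should also say concretely what failed: the old expression cleared MAY_APPEND before process_measurement() saw it, but "may not work as expected" does not tell a policy author which rules were affected. Whether the callers of ima_file_check actually pass MAY_APPEND in mask is not visible in this diff and is worth confirming.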