Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 607259e1 authored by James Morris's avatar James Morris Committed by James Morris
Browse files

Merge branch 'next' of... 

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into ra-next
parents aa98b942 1d6d167c

security/integrity/ima/ima_fs.c

+9 −9
Original line number Original line Diff line number Diff line
@@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = { 
static ssize_t ima_write_policy(struct file *file, const char __user *buf,

static ssize_t ima_write_policy(struct file *file, const char __user *buf,

				size_t datalen, loff_t *ppos)

				size_t datalen, loff_t *ppos)

{

{

	char *data = NULL;

	char *data;

	ssize_t result;

	ssize_t result;

	int res;



	res = mutex_lock_interruptible(&ima_write_mutex);

	if (res)

		return res;





	if (datalen >= PAGE_SIZE)

	if (datalen >= PAGE_SIZE)

		datalen = PAGE_SIZE - 1;

		datalen = PAGE_SIZE - 1;
@@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, 




	result = -EFAULT;

	result = -EFAULT;

	if (copy_from_user(data, buf, datalen))

	if (copy_from_user(data, buf, datalen))

		goto out;

		goto out_free;





	result = mutex_lock_interruptible(&ima_write_mutex);

	if (result < 0)

		goto out_free;

	result = ima_parse_add_rule(data);

	result = ima_parse_add_rule(data);

	mutex_unlock(&ima_write_mutex);



out_free:

	kfree(data);

out:

out:

	if (result < 0)

	if (result < 0)

		valid_policy = 0;

		valid_policy = 0;

	kfree(data);

	mutex_unlock(&ima_write_mutex);





	return result;

	return result;

}

}

security/keys/key.c

+1 −2
Original line number Original line Diff line number Diff line
@@ -430,7 +430,6 @@ static int __key_instantiate_and_link(struct key *key, 




			/* and link it into the destination keyring */

			/* and link it into the destination keyring */

			if (keyring) {

			if (keyring) {

				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))

				set_bit(KEY_FLAG_KEEP, &key->flags);

				set_bit(KEY_FLAG_KEEP, &key->flags);





				__key_link(key, _edit);

				__key_link(key, _edit);

security/keys/keyctl.c

+7 −10
Original line number Original line Diff line number Diff line
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id) 
	}

	}





	key = key_ref_to_ptr(key_ref);

	key = key_ref_to_ptr(key_ref);

	ret = 0;

	if (test_bit(KEY_FLAG_KEEP, &key->flags))

	if (test_bit(KEY_FLAG_KEEP, &key->flags))

		return -EPERM;

		ret = -EPERM;

	else {

	else

		key_revoke(key);

		key_revoke(key);

		ret = 0;

	}





	key_ref_put(key_ref);

	key_ref_put(key_ref);

error:

error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id) 




invalidate:

invalidate:

	key = key_ref_to_ptr(key_ref);

	key = key_ref_to_ptr(key_ref);

	ret = 0;

	if (test_bit(KEY_FLAG_KEEP, &key->flags))

	if (test_bit(KEY_FLAG_KEEP, &key->flags))

		ret = -EPERM;

		ret = -EPERM;

	else {

	else

		key_invalidate(key);

		key_invalidate(key);

		ret = 0;

	}

error_put:

error_put:

	key_ref_put(key_ref);

	key_ref_put(key_ref);

error:

error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout) 




okay:

okay:

	key = key_ref_to_ptr(key_ref);

	key = key_ref_to_ptr(key_ref);

	ret = 0;

	if (test_bit(KEY_FLAG_KEEP, &key->flags))

	if (test_bit(KEY_FLAG_KEEP, &key->flags))

		ret = -EPERM;

		ret = -EPERM;

	else {

	else

		key_set_timeout(key, timeout);

		key_set_timeout(key, timeout);

		ret = 0;

	}

	key_put(key);

	key_put(key);





error:

error: