Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ade24c93 authored by James Morris's avatar James Morris
Browse files

Merge branch 'for-Linus' of... 

Merge branch 'for-Linus' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into for-linus

Pulled from Mimi's tree.
parents 5f243b9b a7f2a366

security/integrity/ima/ima.h

+1 −0
Original line number Diff line number Diff line
@@ -139,6 +139,7 @@ void ima_delete_rules(void); 
/* Appraise integrity measurements */

#define IMA_APPRAISE_ENFORCE	0x01

#define IMA_APPRAISE_FIX	0x02

#define IMA_APPRAISE_MODULES	0x04



#ifdef CONFIG_IMA_APPRAISE

int ima_appraise_measurement(struct integrity_iint_cache *iint,

security/integrity/ima/ima_main.c

+8 −4
Original line number Diff line number Diff line
@@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check); 
 */

int ima_module_check(struct file *file)

{

	int rc;

	int rc = 0;



	if (!file)

		rc = INTEGRITY_UNKNOWN;

	else

	if (!file) {

		if (ima_appraise & IMA_APPRAISE_MODULES) {

#ifndef CONFIG_MODULE_SIG_FORCE

			rc = -EACCES;	/* INTEGRITY_UNKNOWN */

#endif

		}

	} else

		rc = process_measurement(file, file->f_dentry->d_name.name,

					 MAY_EXEC, MODULE_CHECK);

	return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;

security/integrity/ima/ima_policy.c

+2 −1
Original line number Diff line number Diff line
@@ -523,7 +523,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) 
	}

	if (!result && (entry->action == UNKNOWN))

		result = -EINVAL;



	else if (entry->func == MODULE_CHECK)

		ima_appraise |= IMA_APPRAISE_MODULES;

	audit_log_format(ab, "res=%d", !result);

	audit_log_end(ab);

	return result;