Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a2c2c3a7 authored by Mimi Zohar's avatar Mimi Zohar Committed by James Morris
Browse files

ima: "remove enforce checking duplication" merge fix 



Commit "750943a3 ima: remove enforce checking duplication" combined
the 'in IMA policy' and 'enforcing file integrity' checks.  For
the non-file, kernel module verification, a specific check for
'enforcing file integrity' was not added.  This patch adds the
check.

Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
parent ab782659

security/integrity/ima/ima_main.c

+2 −1
Original line number Diff line number Diff line
@@ -284,7 +284,8 @@ int ima_module_check(struct file *file) 
{

	if (!file) {

#ifndef CONFIG_MODULE_SIG_FORCE

		if (ima_appraise & IMA_APPRAISE_MODULES)

		if ((ima_appraise & IMA_APPRAISE_MODULES) &&

		    (ima_appraise & IMA_APPRAISE_ENFORCE))

			return -EACCES;	/* INTEGRITY_UNKNOWN */

#endif

		return 0;	/* We rely on module signature checking */