diff options
| -rw-r--r-- | include/linux/genhd.h | 10 | ||||
| -rw-r--r-- | security/integrity/ima/ima_main.c | 3 | ||||
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 11 |
3 files changed, 18 insertions, 6 deletions
diff --git a/include/linux/genhd.h b/include/linux/genhd.h index 79b8bba1936..9f3c275e053 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -231,6 +231,12 @@ static inline void part_pack_uuid(const u8 *uuid_str, u8 *to) } } +static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to) +{ + part_pack_uuid(uuid_str, to); + return 0; +} + static inline int disk_max_parts(struct gendisk *disk) { if (disk->flags & GENHD_FL_EXT_DEVT) @@ -718,6 +724,10 @@ static inline dev_t blk_lookup_devt(const char *name, int partno) return devt; } +static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to) +{ + return -EINVAL; +} #endif /* CONFIG_BLOCK */ #endif /* _LINUX_GENHD_H */ diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5127afcc4b8..5b14a0946d6 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -284,7 +284,8 @@ int ima_module_check(struct file *file) { if (!file) { #ifndef CONFIG_MODULE_SIG_FORCE - if (ima_appraise & IMA_APPRAISE_MODULES) + if ((ima_appraise & IMA_APPRAISE_MODULES) && + (ima_appraise & IMA_APPRAISE_ENFORCE)) return -EACCES; /* INTEGRITY_UNKNOWN */ #endif return 0; /* We rely on module signature checking */ diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index b27535a13a7..399433ad614 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, && rule->fsmagic != inode->i_sb->s_magic) return false; if ((rule->flags & IMA_FSUUID) && - memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) + memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) return false; if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) return false; @@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) ima_log_string(ab, "fsuuid", args[0].from); if (memchr_inv(entry->fsuuid, 0x00, - sizeof(entry->fsuuid))) { + sizeof(entry->fsuuid))) { result = -EINVAL; break; } - part_pack_uuid(args[0].from, entry->fsuuid); - entry->flags |= IMA_FSUUID; - result = 0; + result = blk_part_pack_uuid(args[0].from, + entry->fsuuid); + if (!result) + entry->flags |= IMA_FSUUID; break; case Opt_uid: ima_log_string(ab, "uid", args[0].from); |