ima: allow to check MAY_APPEND
Otherwise, some mask and inmask tokens with the MAY_APPEND flag may not work as expected.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
parent
bc15ed663e
commit
20f482ab9e
2 changed files with 5 additions and 4 deletions
|
@ -157,7 +157,8 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
|
||||||
/**
|
/**
|
||||||
* ima_get_action - appraise & measure decision based on policy.
|
* ima_get_action - appraise & measure decision based on policy.
|
||||||
* @inode: pointer to inode to measure
|
* @inode: pointer to inode to measure
|
||||||
* @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE)
|
* @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC,
|
||||||
|
* MAY_APPEND)
|
||||||
* @func: caller identifier
|
* @func: caller identifier
|
||||||
* @pcr: pointer filled in if matched measure policy sets pcr=
|
* @pcr: pointer filled in if matched measure policy sets pcr=
|
||||||
*
|
*
|
||||||
|
|
|
@ -309,7 +309,7 @@ int ima_bprm_check(struct linux_binprm *bprm)
|
||||||
/**
|
/**
|
||||||
* ima_path_check - based on policy, collect/store measurement.
|
* ima_path_check - based on policy, collect/store measurement.
|
||||||
* @file: pointer to the file to be measured
|
* @file: pointer to the file to be measured
|
||||||
* @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE
|
* @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND
|
||||||
*
|
*
|
||||||
* Measure files based on the ima_must_measure() policy decision.
|
* Measure files based on the ima_must_measure() policy decision.
|
||||||
*
|
*
|
||||||
|
@ -319,8 +319,8 @@ int ima_bprm_check(struct linux_binprm *bprm)
|
||||||
int ima_file_check(struct file *file, int mask, int opened)
|
int ima_file_check(struct file *file, int mask, int opened)
|
||||||
{
|
{
|
||||||
return process_measurement(file, NULL, 0,
|
return process_measurement(file, NULL, 0,
|
||||||
mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
|
mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
|
||||||
FILE_CHECK, opened);
|
MAY_APPEND), FILE_CHECK, opened);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(ima_file_check);
|
EXPORT_SYMBOL_GPL(ima_file_check);
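Review bot: In `ima_file_check`, widening the filter to `MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND` changes the mask that policy matching sees for every append-mode open, not only for rules that name MAY_APPEND. If `mask=` rules are compared for equality against the whole mask (the matcher is not shown on this page, so this needs confirming), an existing `mask=MAY_WRITE` rule would stop matching a file opened for write with append, which could silently drop measurement or appraisal for those opens, while inmask rules would keep matching. The kernel-doc for `@mask` should state this, for example `* @mask: ... MAY_APPEND is passed through, so exact mask= rules see it in addition to MAY_WRITE`. The commit message should also name the affected rule forms so deployed policies can be audited.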
|
||||||
|
|
||||||
|
|