diff for duplicates of <1573742237.4793.30.camel@linux.ibm.com>
diff --git a/a/1.txt b/N1/1.txt
index 92db5fa..62168f4 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -4,14 +4,15 @@ On Wed, 2019-11-13 at 19:12 -0800, Lakshmi Ramasubramanian wrote:
 > + * @rule: a pointer to a rule
 > + * @keyring: name of the keyring to match against the measure rule
 > + *
-> + * If the measure action for KEY_CHECK does not specify keyrings> + * option then return true (Measure all keys).
+> + * If the measure action for KEY_CHECK does not specify keyrings=
+> + * option then return true (Measure all keys).
 > + * Else, return true if the given keyring name is present in
 > + * the keyrings= option. False, otherwise.
 > + */
 > +static bool ima_match_keyring(struct ima_rule_entry *rule,
 > + const char *keyring)
 > +{
-> + if ((keyring = NULL) || (rule->keyrings = NULL)
+> + if ((keyring == NULL) || (rule->keyrings == NULL)
 > + return true;
 
 If the policy requires matching a specific keyring, then the "keyring"
@@ -59,10 +60,10 @@ Mimi
 > {
 > int i;
 >
-> if ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) {
-> - if ((rule->flags & IMA_FUNC) && (rule->func = func))
-> + if ((rule->flags & IMA_FUNC) && (rule->func = func)) {
-> + if (func = KEY_CHECK)
+> if ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) {
+> - if ((rule->flags & IMA_FUNC) && (rule->func == func))
+> + if ((rule->flags & IMA_FUNC) && (rule->func == func)) {
+> + if (func == KEY_CHECK)
 > + return ima_match_keyring(rule, keyring);
 > return true;
 > + }
diff --git a/a/content_digest b/N1/content_digest
index 6f48a10..c45c6d4 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -2,7 +2,7 @@
  "ref\020191114031202.18012-5-nramas@linux.microsoft.com\0"
  "From\0Mimi Zohar <zohar@linux.ibm.com>\0"
  "Subject\0Re: [PATCH v7 4/5] IMA: Add support to limit measuring keys\0"
- "Date\0Thu, 14 Nov 2019 14:37:17 +0000\0"
+ "Date\0Thu, 14 Nov 2019 09:37:17 -0500\0"
  "To\0Lakshmi Ramasubramanian <nramas@linux.microsoft.com>"
  dhowells@redhat.com
  matthewgarrett@google.com
@@ -20,14 +20,15 @@
  "> + * @rule: a pointer to a rule\n"
  "> + * @keyring: name of the keyring to match against the measure rule\n"
  "> + *\n"
- "> + * If the measure action for KEY_CHECK does not specify keyrings> + * option then return true (Measure all keys).\n"
+ "> + * If the measure action for KEY_CHECK does not specify keyrings=\n"
+ "> + * option then return true (Measure all keys).\n"
  "> + * Else, return true if the given keyring name is present in\n"
  "> + * the keyrings= option. False, otherwise.\n"
  "> + */\n"
  "> +static bool ima_match_keyring(struct ima_rule_entry *rule,\n"
  "> +\t\t\t const char *keyring)\n"
  "> +{\n"
- "> +\tif ((keyring = NULL) || (rule->keyrings = NULL)\n"
+ "> +\tif ((keyring == NULL) || (rule->keyrings == NULL)\n"
  "> +\t\treturn true;\n"
  "\n"
  "If the policy requires matching a specific keyring, then the \"keyring\"\n"
@@ -75,10 +76,10 @@
  "> {\n"
  "> \tint i;\n"
  "> \n"
- "> \tif ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) {\n"
- "> -\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func))\n"
- "> +\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func)) {\n"
- "> +\t\t\tif (func = KEY_CHECK)\n"
+ "> \tif ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) {\n"
+ "> -\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func))\n"
+ "> +\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func)) {\n"
+ "> +\t\t\tif (func == KEY_CHECK)\n"
  "> +\t\t\t\treturn ima_match_keyring(rule, keyring);\n"
  "> \t\t\treturn true;\n"
  "> +\t\t}\n"
@@ -86,4 +87,4 @@
  "> \t}\n"
  "> \tif ((rule->flags & IMA_FUNC) &&"
-fa114cdedf8b790d7b7dc7986dee919651a94c47badc989f6a89b24b746e10fd
+aaf8c7c47fd150b0398c3ebcbbdfee531f8861510641278b4379af2ab0eb5f6c