diff for duplicates of <20181213020907.13601-12-bauerman@linux.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 21c4a15..7cb7c0b 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -43,7 +43,7 @@ index bbfa3085d1b5..c5585e75d5d9 100644 if (IS_ERR(keyring)) return PTR_ERR(keyring); -+ if (sig[0] = IMA_MODSIG) ++ if (sig[0] == IMA_MODSIG) + return ima_modsig_verify(keyring, sig); + switch (sig[1]) { @@ -71,9 +71,9 @@ index 69c06e2d7bd6..753d59352718 100644 static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value) { -- return xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG; -+ return xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG || -+ xattr_value->type = IMA_MODSIG); +- return xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG; ++ return xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG || ++ xattr_value->type == IMA_MODSIG); } /* @@ -158,7 +158,7 @@ index 085386c77b0b..ad3310ebca97 100644 + ret = asymmetric_sig_has_known_key(keyring, (const char *) xattr_value, + xattr_len); + if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && !ret && -+ func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) { ++ func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) { + /* + * When verifying a kexec kernel signature, IMA also looks for + * the key in the platform keyring. @@ -175,10 +175,10 @@ index 085386c77b0b..ad3310ebca97 100644 { @@ -198,6 +229,14 @@ int ima_read_xattr(struct dentry *dentry, 0, GFP_NOFS); - if (ret = -EOPNOTSUPP) + if (ret == -EOPNOTSUPP) ret = 0; + /* IMA_MODSIG is only allowed when appended to files. */ -+ else if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) { ++ else if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) { + ret = -EINVAL; + + kfree(*xattr_value); @@ -197,7 +197,7 @@ index 085386c77b0b..ad3310ebca97 100644 - if (!(inode->i_opflags & IOP_XATTR)) + /* If not appraising a modsig, we need an xattr. */ -+ if ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) && ++ if ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) && + !(inode->i_opflags & IOP_XATTR)) return INTEGRITY_UNKNOWN; @@ -211,7 +211,7 @@ index 085386c77b0b..ad3310ebca97 100644 + * If it's a modsig, we don't have the xattr contents to pass to + * evm_verifyxattr(). + */ -+ if (xattr_value->type = IMA_MODSIG) { ++ if (xattr_value->type == IMA_MODSIG) { + xattr_contents = NULL; + xattr_contents_len = 0; + } else { @@ -228,7 +228,7 @@ index 085386c77b0b..ad3310ebca97 100644 break; case INTEGRITY_NOXATTRS: /* No EVM protected xattrs. */ + /* It's fine not to have xattrs when using a modsig. */ -+ if (xattr_value->type = IMA_MODSIG) ++ if (xattr_value->type == IMA_MODSIG) + break; + /* fall through */ case INTEGRITY_NOLABEL: /* No security.evm xattr. */ @@ -245,9 +245,9 @@ index 085386c77b0b..ad3310ebca97 100644 @@ -454,7 +515,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); - if (result = 1) { + if (result == 1) { - if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) -+ if (!xattr_value_len || xvalue->type = IMA_MODSIG || ++ if (!xattr_value_len || xvalue->type == IMA_MODSIG || + xvalue->type >= IMA_XATTR_LAST) return -EINVAL; ima_reset_appraise_flags(d_backing_inode(dentry), @@ -353,7 +353,7 @@ index 08182bd7f445..f228f333509d 100644 + + key = find_asymmetric_key(keyring, pks->auth_ids[0], NULL, false); + if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && IS_ERR(key) && -+ func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) { ++ func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) { + /* + * When verifying a kexec kernel signature, IMA also looks for + * the key in the platform keyring. @@ -471,7 +471,7 @@ index 08182bd7f445..f228f333509d 100644 + if (!hdr) + return; + -+ if (hdr->type = IMA_MODSIG) { ++ if (hdr->type == IMA_MODSIG) { + struct modsig_hdr *modsig = (struct modsig_hdr *) hdr; + + pkcs7_free_message(modsig->pkcs7_msg); diff --git a/a/content_digest b/N1/content_digest index 1caea0c..6cd380b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020181213020907.13601-1-bauerman@linux.ibm.com\0" "From\0Thiago Jung Bauermann <bauerman@linux.ibm.com>\0" "Subject\0[PATCH v9 11/14] ima: Implement support for module-style appended signatures\0" - "Date\0Thu, 13 Dec 2018 02:09:04 +0000\0" + "Date\0Thu, 13 Dec 2018 00:09:04 -0200\0" "To\0linux-integrity@vger.kernel.org\0" "Cc\0linux-security-module@vger.kernel.org" keyrings@vger.kernel.org @@ -69,7 +69,7 @@ " \tif (IS_ERR(keyring))\n" " \t\treturn PTR_ERR(keyring);\n" " \n" - "+\tif (sig[0] = IMA_MODSIG)\n" + "+\tif (sig[0] == IMA_MODSIG)\n" "+\t\treturn ima_modsig_verify(keyring, sig);\n" "+\n" " \tswitch (sig[1]) {\n" @@ -97,9 +97,9 @@ " \n" " static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value)\n" " {\n" - "-\treturn xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG;\n" - "+\treturn xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG ||\n" - "+\t\t\t xattr_value->type = IMA_MODSIG);\n" + "-\treturn xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG;\n" + "+\treturn xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG ||\n" + "+\t\t\t xattr_value->type == IMA_MODSIG);\n" " }\n" " \n" " /*\n" @@ -184,7 +184,7 @@ "+\tret = asymmetric_sig_has_known_key(keyring, (const char *) xattr_value,\n" "+\t\t\t\t\t xattr_len);\n" "+\tif (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && !ret &&\n" - "+\t func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) {\n" + "+\t func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) {\n" "+\t\t/*\n" "+\t\t * When verifying a kexec kernel signature, IMA also looks for\n" "+\t\t * the key in the platform keyring.\n" @@ -201,10 +201,10 @@ " {\n" "@@ -198,6 +229,14 @@ int ima_read_xattr(struct dentry *dentry,\n" " \t\t\t\t 0, GFP_NOFS);\n" - " \tif (ret = -EOPNOTSUPP)\n" + " \tif (ret == -EOPNOTSUPP)\n" " \t\tret = 0;\n" "+\t/* IMA_MODSIG is only allowed when appended to files. */\n" - "+\telse if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) {\n" + "+\telse if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) {\n" "+\t\tret = -EINVAL;\n" "+\n" "+\t\tkfree(*xattr_value);\n" @@ -223,7 +223,7 @@ " \n" "-\tif (!(inode->i_opflags & IOP_XATTR))\n" "+\t/* If not appraising a modsig, we need an xattr. */\n" - "+\tif ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) &&\n" + "+\tif ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) &&\n" "+\t !(inode->i_opflags & IOP_XATTR))\n" " \t\treturn INTEGRITY_UNKNOWN;\n" " \n" @@ -237,7 +237,7 @@ "+\t * If it's a modsig, we don't have the xattr contents to pass to\n" "+\t * evm_verifyxattr().\n" "+\t */\n" - "+\tif (xattr_value->type = IMA_MODSIG) {\n" + "+\tif (xattr_value->type == IMA_MODSIG) {\n" "+\t\txattr_contents = NULL;\n" "+\t\txattr_contents_len = 0;\n" "+\t} else {\n" @@ -254,7 +254,7 @@ " \t\tbreak;\n" " \tcase INTEGRITY_NOXATTRS:\t/* No EVM protected xattrs. */\n" "+\t\t/* It's fine not to have xattrs when using a modsig. */\n" - "+\t\tif (xattr_value->type = IMA_MODSIG)\n" + "+\t\tif (xattr_value->type == IMA_MODSIG)\n" "+\t\t\tbreak;\n" "+\t\t/* fall through */\n" " \tcase INTEGRITY_NOLABEL:\t\t/* No security.evm xattr. */\n" @@ -271,9 +271,9 @@ "@@ -454,7 +515,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,\n" " \tresult = ima_protect_xattr(dentry, xattr_name, xattr_value,\n" " \t\t\t\t xattr_value_len);\n" - " \tif (result = 1) {\n" + " \tif (result == 1) {\n" "-\t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n" - "+\t\tif (!xattr_value_len || xvalue->type = IMA_MODSIG ||\n" + "+\t\tif (!xattr_value_len || xvalue->type == IMA_MODSIG ||\n" "+\t\t xvalue->type >= IMA_XATTR_LAST)\n" " \t\t\treturn -EINVAL;\n" " \t\tima_reset_appraise_flags(d_backing_inode(dentry),\n" @@ -379,7 +379,7 @@ "+\n" "+\tkey = find_asymmetric_key(keyring, pks->auth_ids[0], NULL, false);\n" "+\tif (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && IS_ERR(key) &&\n" - "+\t func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) {\n" + "+\t func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) {\n" "+\t\t/*\n" "+\t\t * When verifying a kexec kernel signature, IMA also looks for\n" "+\t\t * the key in the platform keyring.\n" @@ -497,7 +497,7 @@ "+\tif (!hdr)\n" "+\t\treturn;\n" "+\n" - "+\tif (hdr->type = IMA_MODSIG) {\n" + "+\tif (hdr->type == IMA_MODSIG) {\n" "+\t\tstruct modsig_hdr *modsig = (struct modsig_hdr *) hdr;\n" "+\n" "+\t\tpkcs7_free_message(modsig->pkcs7_msg);\n" @@ -531,4 +531,4 @@ "+}\n" +#endif /* CONFIG_IMA_APPRAISE_MODSIG */ -9fd3d6134726546774a365e8b6247e9d0e2e75c47566a5fe52ca647678f2ce47 +0933e5f797ce6f442023884880d6daac3a452346bdbfc7aa6d5ce58d1e232950
diff --git a/a/1.txt b/N2/1.txt index 21c4a15..7cb7c0b 100644 --- a/a/1.txt +++ b/N2/1.txt @@ -43,7 +43,7 @@ index bbfa3085d1b5..c5585e75d5d9 100644 if (IS_ERR(keyring)) return PTR_ERR(keyring); -+ if (sig[0] = IMA_MODSIG) ++ if (sig[0] == IMA_MODSIG) + return ima_modsig_verify(keyring, sig); + switch (sig[1]) { @@ -71,9 +71,9 @@ index 69c06e2d7bd6..753d59352718 100644 static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value) { -- return xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG; -+ return xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG || -+ xattr_value->type = IMA_MODSIG); +- return xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG; ++ return xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG || ++ xattr_value->type == IMA_MODSIG); } /* @@ -158,7 +158,7 @@ index 085386c77b0b..ad3310ebca97 100644 + ret = asymmetric_sig_has_known_key(keyring, (const char *) xattr_value, + xattr_len); + if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && !ret && -+ func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) { ++ func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) { + /* + * When verifying a kexec kernel signature, IMA also looks for + * the key in the platform keyring. @@ -175,10 +175,10 @@ index 085386c77b0b..ad3310ebca97 100644 { @@ -198,6 +229,14 @@ int ima_read_xattr(struct dentry *dentry, 0, GFP_NOFS); - if (ret = -EOPNOTSUPP) + if (ret == -EOPNOTSUPP) ret = 0; + /* IMA_MODSIG is only allowed when appended to files. */ -+ else if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) { ++ else if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) { + ret = -EINVAL; + + kfree(*xattr_value); @@ -197,7 +197,7 @@ index 085386c77b0b..ad3310ebca97 100644 - if (!(inode->i_opflags & IOP_XATTR)) + /* If not appraising a modsig, we need an xattr. */ -+ if ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) && ++ if ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) && + !(inode->i_opflags & IOP_XATTR)) return INTEGRITY_UNKNOWN; @@ -211,7 +211,7 @@ index 085386c77b0b..ad3310ebca97 100644 + * If it's a modsig, we don't have the xattr contents to pass to + * evm_verifyxattr(). + */ -+ if (xattr_value->type = IMA_MODSIG) { ++ if (xattr_value->type == IMA_MODSIG) { + xattr_contents = NULL; + xattr_contents_len = 0; + } else { @@ -228,7 +228,7 @@ index 085386c77b0b..ad3310ebca97 100644 break; case INTEGRITY_NOXATTRS: /* No EVM protected xattrs. */ + /* It's fine not to have xattrs when using a modsig. */ -+ if (xattr_value->type = IMA_MODSIG) ++ if (xattr_value->type == IMA_MODSIG) + break; + /* fall through */ case INTEGRITY_NOLABEL: /* No security.evm xattr. */ @@ -245,9 +245,9 @@ index 085386c77b0b..ad3310ebca97 100644 @@ -454,7 +515,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); - if (result = 1) { + if (result == 1) { - if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) -+ if (!xattr_value_len || xvalue->type = IMA_MODSIG || ++ if (!xattr_value_len || xvalue->type == IMA_MODSIG || + xvalue->type >= IMA_XATTR_LAST) return -EINVAL; ima_reset_appraise_flags(d_backing_inode(dentry), @@ -353,7 +353,7 @@ index 08182bd7f445..f228f333509d 100644 + + key = find_asymmetric_key(keyring, pks->auth_ids[0], NULL, false); + if (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && IS_ERR(key) && -+ func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) { ++ func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) { + /* + * When verifying a kexec kernel signature, IMA also looks for + * the key in the platform keyring. @@ -471,7 +471,7 @@ index 08182bd7f445..f228f333509d 100644 + if (!hdr) + return; + -+ if (hdr->type = IMA_MODSIG) { ++ if (hdr->type == IMA_MODSIG) { + struct modsig_hdr *modsig = (struct modsig_hdr *) hdr; + + pkcs7_free_message(modsig->pkcs7_msg); diff --git a/a/content_digest b/N2/content_digest index 1caea0c..7dba802 100644 --- a/a/content_digest +++ b/N2/content_digest @@ -1,27 +1,27 @@ "ref\020181213020907.13601-1-bauerman@linux.ibm.com\0" "From\0Thiago Jung Bauermann <bauerman@linux.ibm.com>\0" "Subject\0[PATCH v9 11/14] ima: Implement support for module-style appended signatures\0" - "Date\0Thu, 13 Dec 2018 02:09:04 +0000\0" + "Date\0Thu, 13 Dec 2018 00:09:04 -0200\0" "To\0linux-integrity@vger.kernel.org\0" - "Cc\0linux-security-module@vger.kernel.org" - keyrings@vger.kernel.org - linux-crypto@vger.kernel.org - linuxppc-dev@lists.ozlabs.org + "Cc\0Herbert Xu <herbert@gondor.apana.org.au>" linux-doc@vger.kernel.org + Dmitry Kasatkin <dmitry.kasatkin@gmail.com> + David S. Miller <davem@davemloft.net> + Jonathan Corbet <corbet@lwn.net> linux-kernel@vger.kernel.org Mimi Zohar <zohar@linux.ibm.com> - Dmitry Kasatkin <dmitry.kasatkin@gmail.com> James Morris <jmorris@namei.org> - Serge E. Hallyn <serge@hallyn.com> David Howells <dhowells@redhat.com> - David Woodhouse <dwmw2@infradead.org> - Jessica Yu <jeyu@kernel.org> - Herbert Xu <herbert@gondor.apana.org.au> - David S. Miller <davem@davemloft.net> - Jonathan Corbet <corbet@lwn.net> AKASHI Takahiro <takahiro.akashi@linaro.org> - " Thiago Jung Bauermann <bauerman@linux.ibm.com>\0" + linux-security-module@vger.kernel.org + keyrings@vger.kernel.org + linux-crypto@vger.kernel.org + Jessica Yu <jeyu@kernel.org> + linuxppc-dev@lists.ozlabs.org + David Woodhouse <dwmw2@infradead.org> + Thiago Jung Bauermann <bauerman@linux.ibm.com> + " Serge E. Hallyn <serge@hallyn.com>\0" "\00:1\0" "b\0" "Implement the appraise_type=imasig|modsig option, allowing IMA to read and\n" @@ -69,7 +69,7 @@ " \tif (IS_ERR(keyring))\n" " \t\treturn PTR_ERR(keyring);\n" " \n" - "+\tif (sig[0] = IMA_MODSIG)\n" + "+\tif (sig[0] == IMA_MODSIG)\n" "+\t\treturn ima_modsig_verify(keyring, sig);\n" "+\n" " \tswitch (sig[1]) {\n" @@ -97,9 +97,9 @@ " \n" " static inline bool is_signed(const struct evm_ima_xattr_data *xattr_value)\n" " {\n" - "-\treturn xattr_value && xattr_value->type = EVM_IMA_XATTR_DIGSIG;\n" - "+\treturn xattr_value && (xattr_value->type = EVM_IMA_XATTR_DIGSIG ||\n" - "+\t\t\t xattr_value->type = IMA_MODSIG);\n" + "-\treturn xattr_value && xattr_value->type == EVM_IMA_XATTR_DIGSIG;\n" + "+\treturn xattr_value && (xattr_value->type == EVM_IMA_XATTR_DIGSIG ||\n" + "+\t\t\t xattr_value->type == IMA_MODSIG);\n" " }\n" " \n" " /*\n" @@ -184,7 +184,7 @@ "+\tret = asymmetric_sig_has_known_key(keyring, (const char *) xattr_value,\n" "+\t\t\t\t\t xattr_len);\n" "+\tif (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && !ret &&\n" - "+\t func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) {\n" + "+\t func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) {\n" "+\t\t/*\n" "+\t\t * When verifying a kexec kernel signature, IMA also looks for\n" "+\t\t * the key in the platform keyring.\n" @@ -201,10 +201,10 @@ " {\n" "@@ -198,6 +229,14 @@ int ima_read_xattr(struct dentry *dentry,\n" " \t\t\t\t 0, GFP_NOFS);\n" - " \tif (ret = -EOPNOTSUPP)\n" + " \tif (ret == -EOPNOTSUPP)\n" " \t\tret = 0;\n" "+\t/* IMA_MODSIG is only allowed when appended to files. */\n" - "+\telse if (ret > 0 && (*xattr_value)->type = IMA_MODSIG) {\n" + "+\telse if (ret > 0 && (*xattr_value)->type == IMA_MODSIG) {\n" "+\t\tret = -EINVAL;\n" "+\n" "+\t\tkfree(*xattr_value);\n" @@ -223,7 +223,7 @@ " \n" "-\tif (!(inode->i_opflags & IOP_XATTR))\n" "+\t/* If not appraising a modsig, we need an xattr. */\n" - "+\tif ((xattr_value = NULL || xattr_value->type != IMA_MODSIG) &&\n" + "+\tif ((xattr_value == NULL || xattr_value->type != IMA_MODSIG) &&\n" "+\t !(inode->i_opflags & IOP_XATTR))\n" " \t\treturn INTEGRITY_UNKNOWN;\n" " \n" @@ -237,7 +237,7 @@ "+\t * If it's a modsig, we don't have the xattr contents to pass to\n" "+\t * evm_verifyxattr().\n" "+\t */\n" - "+\tif (xattr_value->type = IMA_MODSIG) {\n" + "+\tif (xattr_value->type == IMA_MODSIG) {\n" "+\t\txattr_contents = NULL;\n" "+\t\txattr_contents_len = 0;\n" "+\t} else {\n" @@ -254,7 +254,7 @@ " \t\tbreak;\n" " \tcase INTEGRITY_NOXATTRS:\t/* No EVM protected xattrs. */\n" "+\t\t/* It's fine not to have xattrs when using a modsig. */\n" - "+\t\tif (xattr_value->type = IMA_MODSIG)\n" + "+\t\tif (xattr_value->type == IMA_MODSIG)\n" "+\t\t\tbreak;\n" "+\t\t/* fall through */\n" " \tcase INTEGRITY_NOLABEL:\t\t/* No security.evm xattr. */\n" @@ -271,9 +271,9 @@ "@@ -454,7 +515,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,\n" " \tresult = ima_protect_xattr(dentry, xattr_name, xattr_value,\n" " \t\t\t\t xattr_value_len);\n" - " \tif (result = 1) {\n" + " \tif (result == 1) {\n" "-\t\tif (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))\n" - "+\t\tif (!xattr_value_len || xvalue->type = IMA_MODSIG ||\n" + "+\t\tif (!xattr_value_len || xvalue->type == IMA_MODSIG ||\n" "+\t\t xvalue->type >= IMA_XATTR_LAST)\n" " \t\t\treturn -EINVAL;\n" " \t\tima_reset_appraise_flags(d_backing_inode(dentry),\n" @@ -379,7 +379,7 @@ "+\n" "+\tkey = find_asymmetric_key(keyring, pks->auth_ids[0], NULL, false);\n" "+\tif (IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING) && IS_ERR(key) &&\n" - "+\t func = KEXEC_KERNEL_CHECK && keyring_id = INTEGRITY_KEYRING_IMA) {\n" + "+\t func == KEXEC_KERNEL_CHECK && keyring_id == INTEGRITY_KEYRING_IMA) {\n" "+\t\t/*\n" "+\t\t * When verifying a kexec kernel signature, IMA also looks for\n" "+\t\t * the key in the platform keyring.\n" @@ -497,7 +497,7 @@ "+\tif (!hdr)\n" "+\t\treturn;\n" "+\n" - "+\tif (hdr->type = IMA_MODSIG) {\n" + "+\tif (hdr->type == IMA_MODSIG) {\n" "+\t\tstruct modsig_hdr *modsig = (struct modsig_hdr *) hdr;\n" "+\n" "+\t\tpkcs7_free_message(modsig->pkcs7_msg);\n" @@ -531,4 +531,4 @@ "+}\n" +#endif /* CONFIG_IMA_APPRAISE_MODSIG */ -9fd3d6134726546774a365e8b6247e9d0e2e75c47566a5fe52ca647678f2ce47 +bb533292b9f54e48f684f60008046f51a35550b579e9324b34b44b1a583bfd3f
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.