diff for duplicates of <20191114031202.18012-5-nramas@linux.microsoft.com> diff --git a/a/1.txt b/N1/1.txt index a219542..fad4f46 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -94,10 +94,13 @@ index 610759fe63b8..f6bc00914aa5 100644 +++ b/security/integrity/ima/ima_api.c @@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @func: caller identifier - * @pcr: pointer filled in if matched measure policy sets pcr * @template_desc: pointer filled in if matched measure policy sets template+ * @keyring: keyring name used to determine the action + * @pcr: pointer filled in if matched measure policy sets pcr= + * @template_desc: pointer filled in if matched measure policy sets template= ++ * @keyring: keyring name used to determine the action * * The policy is defined in terms of keypairs: - * subj=, obj=, type=, func=, mask=, fsmagic * subj,obj, and type: are LSM specific. + * subj=, obj=, type=, func=, mask=, fsmagic= + * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK - * | KEXEC_CMDLINE + * | KEXEC_CMDLINE | KEY_CHECK @@ -136,7 +139,7 @@ index 300c8d2943c5..a9649b04b9f1 100644 static int ima_fix_xattr(struct dentry *dentry, @@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint, - if ((rc = -EPERM) && (iint->flags & IMA_MEASURE)) + if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) process_buffer_measurement(digest, digestsize, "blacklisted-hash", NONE, - pcr); @@ -173,7 +176,7 @@ index d7e987baf127..6d0bf241ebf8 100644 action = ima_get_action(inode, cred, secid, mask, func, &pcr, - &template_desc); + &template_desc, NULL); - violation_check = ((func = FILE_CHECK || func = MMAP_CHECK) && + violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); if (!action && !violation_check) @@ -632,12 +632,13 @@ int ima_load_data(enum kernel_load_data_id id) 
@@ -230,14 +233,15 @@ index 1525a28fd705..76da4f17bc79 100644 + * @rule: a pointer to a rule + * @keyring: name of the keyring to match against the measure rule + * -+ * If the measure action for KEY_CHECK does not specify keyrings+ * option then return true (Measure all keys). ++ * If the measure action for KEY_CHECK does not specify keyrings= ++ * option then return true (Measure all keys). + * Else, return true if the given keyring name is present in + * the keyrings= option. False, otherwise. + */ +static bool ima_match_keyring(struct ima_rule_entry *rule, + const char *keyring) +{ -+ if ((keyring = NULL) || (rule->keyrings = NULL)) ++ if ((keyring == NULL) || (rule->keyrings == NULL)) + return true; + else + return (strstr(rule->keyrings, keyring) != NULL); @@ -262,10 +266,10 @@ index 1525a28fd705..76da4f17bc79 100644 { int i; - if ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) { -- if ((rule->flags & IMA_FUNC) && (rule->func = func)) -+ if ((rule->flags & IMA_FUNC) && (rule->func = func)) { -+ if (func = KEY_CHECK) + if ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) { +- if ((rule->flags & IMA_FUNC) && (rule->func == func)) ++ if ((rule->flags & IMA_FUNC) && (rule->func == func)) { ++ if (func == KEY_CHECK) + return ima_match_keyring(rule, keyring); return true; + } diff --git a/a/content_digest b/N1/content_digest index cb8aa60..a612134 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020191114031202.18012-1-nramas@linux.microsoft.com\0" "From\0Lakshmi Ramasubramanian <nramas@linux.microsoft.com>\0" "Subject\0[PATCH v7 4/5] IMA: Add support to limit measuring keys\0" - "Date\0Thu, 14 Nov 2019 03:12:01 +0000\0" + "Date\0Wed, 13 Nov 2019 19:12:01 -0800\0" "To\0zohar@linux.ibm.com" dhowells@redhat.com matthewgarrett@google.com 
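Review bot: `ima_match_keyring()` tests membership with `strstr(rule->keyrings, keyring) != NULL`, which is a substring search rather than a comparison against each entry of the `keyrings=` option, so a keyring whose name is merely contained in a listed name also matches the rule. The set of keyrings actually measured can then differ from what the policy author wrote, and that set is what a verifier of the measurement list relies on. Splitting the option into entries and comparing each with `strcmp()` would make the match exact; the delimiter is not visible in this hunk and needs confirming against the policy parser. Worth a comment as well that a NULL `keyring` returns true even when the rule carries a `keyrings=` list, since that is the permissive default. The function's end lies outside the hunk, and the same helper is reached from the `func == KEY_CHECK` branch in the next hunk.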
@@ -109,10 +109,13 @@ "+++ b/security/integrity/ima/ima_api.c\n" "@@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename,\n" " * @func: caller identifier\n" - " * @pcr: pointer filled in if matched measure policy sets pcr * @template_desc: pointer filled in if matched measure policy sets template+ * @keyring: keyring name used to determine the action\n" + " * @pcr: pointer filled in if matched measure policy sets pcr=\n" + " * @template_desc: pointer filled in if matched measure policy sets template=\n" + "+ * @keyring: keyring name used to determine the action\n" " *\n" " * The policy is defined in terms of keypairs:\n" - " *\t\tsubj=, obj=, type=, func=, mask=, fsmagic *\tsubj,obj, and type: are LSM specific.\n" + " *\t\tsubj=, obj=, type=, func=, mask=, fsmagic=\n" + " *\tsubj,obj, and type: are LSM specific.\n" " *\tfunc: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK\n" "- *\t| KEXEC_CMDLINE\n" "+ *\t| KEXEC_CMDLINE | KEY_CHECK\n" @@ -151,7 +154,7 @@ " \n" " static int ima_fix_xattr(struct dentry *dentry,\n" "@@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,\n" - " \t\tif ((rc = -EPERM) && (iint->flags & IMA_MEASURE))\n" + " \t\tif ((rc == -EPERM) && (iint->flags & IMA_MEASURE))\n" " \t\t\tprocess_buffer_measurement(digest, digestsize,\n" " \t\t\t\t\t\t \"blacklisted-hash\", NONE,\n" "-\t\t\t\t\t\t pcr);\n" @@ -188,7 +191,7 @@ " \taction = ima_get_action(inode, cred, secid, mask, func, &pcr,\n" "-\t\t\t\t&template_desc);\n" "+\t\t\t\t&template_desc, NULL);\n" - " \tviolation_check = ((func = FILE_CHECK || func = MMAP_CHECK) &&\n" + " \tviolation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&\n" " \t\t\t (ima_policy_flag & IMA_MEASURE));\n" " \tif (!action && !violation_check)\n" "@@ -632,12 +632,13 @@ int ima_load_data(enum kernel_load_data_id id)\n" 
@@ -245,14 +248,15 @@ "+ * @rule: a pointer to a rule\n" "+ * @keyring: name of the keyring to match against the measure rule\n" "+ *\n" - "+ * If the measure action for KEY_CHECK does not specify keyrings+ * option then return true (Measure all keys).\n" + "+ * If the measure action for KEY_CHECK does not specify keyrings=\n" + "+ * option then return true (Measure all keys).\n" "+ * Else, return true if the given keyring name is present in\n" "+ * the keyrings= option. False, otherwise.\n" "+ */\n" "+static bool ima_match_keyring(struct ima_rule_entry *rule,\n" "+\t\t\t const char *keyring)\n" "+{\n" - "+\tif ((keyring = NULL) || (rule->keyrings = NULL))\n" + "+\tif ((keyring == NULL) || (rule->keyrings == NULL))\n" "+\t\treturn true;\n" "+\telse\n" "+\t\treturn (strstr(rule->keyrings, keyring) != NULL);\n" @@ -277,10 +281,10 @@ " {\n" " \tint i;\n" " \n" - " \tif ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) {\n" - "-\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func))\n" - "+\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func)) {\n" - "+\t\t\tif (func = KEY_CHECK)\n" + " \tif ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) {\n" + "-\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func))\n" + "+\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func)) {\n" + "+\t\t\tif (func == KEY_CHECK)\n" "+\t\t\t\treturn ima_match_keyring(rule, keyring);\n" " \t\t\treturn true;\n" "+\t\t}\n" @@ -319,4 +323,4 @@ "-- \n" 2.17.1 -b9ed28beb39536006bcf2d10039d4a48f218a9f214c52cbddfe4197fe538d822 +cf7a7403589bd67cdfb6579b74b8aed947e76b1ccedd287c8e6008853d664219