diff for duplicates of <20191127015654.3744-6-nramas@linux.microsoft.com>
diff --git a/a/1.txt b/N1/1.txt
index 6c335c9..dc660d3 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -94,10 +94,13 @@ index 610759fe63b8..f6bc00914aa5 100644
 +++ b/security/integrity/ima/ima_api.c
 @@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 * @func: caller identifier
- * @pcr: pointer filled in if matched measure policy sets pcr * @template_desc: pointer filled in if matched measure policy sets template+ * @keyring: keyring name used to determine the action
+ * @pcr: pointer filled in if matched measure policy sets pcr=
+ * @template_desc: pointer filled in if matched measure policy sets template=
++ * @keyring: keyring name used to determine the action
 *
 * The policy is defined in terms of keypairs:
- * subj=, obj=, type=, func=, mask=, fsmagic * subj,obj, and type: are LSM specific.
+ * subj=, obj=, type=, func=, mask=, fsmagic=
+ * subj,obj, and type: are LSM specific.
 * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK
 - * | KEXEC_CMDLINE
 + * | KEXEC_CMDLINE | KEY_CHECK
@@ -136,7 +139,7 @@ index 300c8d2943c5..a9649b04b9f1 100644 static int ima_fix_xattr(struct dentry *dentry, @@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint, - if ((rc = -EPERM) && (iint->flags & IMA_MEASURE)) + if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) process_buffer_measurement(digest, digestsize, "blacklisted-hash", NONE, - pcr);
@@ -173,7 +176,7 @@ index 9b35db2fc777..2272c3255c7d 100644
 action = ima_get_action(inode, cred, secid, mask, func, &pcr,
 - &template_desc);
 + &template_desc, NULL);
- violation_check = ((func = FILE_CHECK || func = MMAP_CHECK) &&
+ violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&
 (ima_policy_flag & IMA_MEASURE));
 if (!action && !violation_check)
 @@ -632,12 +632,13 @@ int ima_load_data(enum kernel_load_data_id id)
@@ -230,7 +233,8 @@ index 1525a28fd705..d9400585fcda 100644
 + * @rule: a pointer to a rule
 + * @keyring: name of the keyring to match against the measure rule
 + *
-+ * If the measure action for KEY_CHECK does not specify keyrings+ * option then return true (Measure all keys).
++ * If the measure action for KEY_CHECK does not specify keyrings=
++ * option then return true (Measure all keys).
 + * Else, return true if the given keyring name is present in
 + * the keyrings= option. False, otherwise.
 + */
@@ -266,7 +270,7 @@ index 1525a28fd705..d9400585fcda 100644
 + * If yes, we have a whole string match.
 + */
 + p += strlen(keyring);
-+ if (*p = '|' || *p = '\0')
++ if (*p == '|' || *p == '\0')
 + return true;
 + }
 +
@@ -292,10 +296,10 @@ index 1525a28fd705..d9400585fcda 100644 { int i; - if ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) { -- if ((rule->flags & IMA_FUNC) && (rule->func = func)) -+ if ((rule->flags & IMA_FUNC) && (rule->func = func)) { -+ if (func = KEY_CHECK) + if ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) { +- if ((rule->flags & IMA_FUNC) && (rule->func == func)) ++ if ((rule->flags & IMA_FUNC) && (rule->func == func)) { ++ if (func == KEY_CHECK) + return ima_match_keyring(rule, keyring); return true; + }
diff --git a/a/content_digest b/N1/content_digest
index 4ef6c3a..bf100df 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -1,7 +1,7 @@
 "ref\020191127015654.3744-1-nramas@linux.microsoft.com\0"
 "From\0Lakshmi Ramasubramanian <nramas@linux.microsoft.com>\0"
 "Subject\0[PATCH v9 5/6] IMA: Add support to limit measuring keys\0"
- "Date\0Wed, 27 Nov 2019 01:56:53 +0000\0"
+ "Date\0Tue, 26 Nov 2019 17:56:53 -0800\0"
 "To\0zohar@linux.ibm.com"
 " linux-integrity@vger.kernel.org\0"
 "Cc\0eric.snowberg@oracle.com"
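Review bot: In the `@@ -266,7 +270,7 @@` hunk, the "whole string match" test in ima_match_keyring only looks at the character that follows the match (`if (*p == '|' || *p == '\0')`); nothing visible checks that the match also begins at the start of the keyrings= list or directly after a `|`. If `p` comes from a substring search (the lookup itself is outside this hunk), a keyring whose name is the tail of a listed name would be treated as listed, so the measure rule would apply to keyrings the policy author did not name. I would either add the start-boundary test or split the option on `|` and compare each entry with `strcmp()`, and say so in the comment, e.g. `/* match only a complete '|'-separated entry: check both ends */`. The same lines appear in the content_digest copy under `@@ -281,7 +285,7 @@`; the function body starts and ends outside both hunks.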
@@ -109,10 +109,13 @@
 "+++ b/security/integrity/ima/ima_api.c\n"
 "@@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename,\n"
 " * @func: caller identifier\n"
- " * @pcr: pointer filled in if matched measure policy sets pcr * @template_desc: pointer filled in if matched measure policy sets template+ * @keyring: keyring name used to determine the action\n"
+ " * @pcr: pointer filled in if matched measure policy sets pcr=\n"
+ " * @template_desc: pointer filled in if matched measure policy sets template=\n"
+ "+ * @keyring: keyring name used to determine the action\n"
 " *\n"
 " * The policy is defined in terms of keypairs:\n"
- " *\t\tsubj=, obj=, type=, func=, mask=, fsmagic *\tsubj,obj, and type: are LSM specific.\n"
+ " *\t\tsubj=, obj=, type=, func=, mask=, fsmagic=\n"
+ " *\tsubj,obj, and type: are LSM specific.\n"
 " *\tfunc: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK\n"
 "- *\t| KEXEC_CMDLINE\n"
 "+ *\t| KEXEC_CMDLINE | KEY_CHECK\n"
@@ -151,7 +154,7 @@
 " \n"
 " static int ima_fix_xattr(struct dentry *dentry,\n"
 "@@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,\n"
- " \t\tif ((rc = -EPERM) && (iint->flags & IMA_MEASURE))\n"
+ " \t\tif ((rc == -EPERM) && (iint->flags & IMA_MEASURE))\n"
 " \t\t\tprocess_buffer_measurement(digest, digestsize,\n"
 " \t\t\t\t\t\t \"blacklisted-hash\", NONE,\n"
 "-\t\t\t\t\t\t pcr);\n"
@@ -188,7 +191,7 @@
 " \taction = ima_get_action(inode, cred, secid, mask, func, &pcr,\n"
 "-\t\t\t\t&template_desc);\n"
 "+\t\t\t\t&template_desc, NULL);\n"
- " \tviolation_check = ((func = FILE_CHECK || func = MMAP_CHECK) &&\n"
+ " \tviolation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&\n"
 " \t\t\t (ima_policy_flag & IMA_MEASURE));\n"
 " \tif (!action && !violation_check)\n"
 "@@ -632,12 +632,13 @@ int ima_load_data(enum kernel_load_data_id id)\n"
@@ -245,7 +248,8 @@
 "+ * @rule: a pointer to a rule\n"
 "+ * @keyring: name of the keyring to match against the measure rule\n"
 "+ *\n"
- "+ * If the measure action for KEY_CHECK does not specify keyrings+ * option then return true (Measure all keys).\n"
+ "+ * If the measure action for KEY_CHECK does not specify keyrings=\n"
+ "+ * option then return true (Measure all keys).\n"
 "+ * Else, return true if the given keyring name is present in\n"
 "+ * the keyrings= option. False, otherwise.\n"
 "+ */\n"
@@ -281,7 +285,7 @@
 "+\t\t * If yes, we have a whole string match.\n"
 "+\t\t */\n"
 "+\t\tp += strlen(keyring);\n"
- "+\t\tif (*p = '|' || *p = '\\0')\n"
+ "+\t\tif (*p == '|' || *p == '\\0')\n"
 "+\t\t\treturn true;\n"
 "+\t}\n"
 "+\n"
@@ -307,10 +311,10 @@
 " {\n"
 " \tint i;\n"
 " \n"
- " \tif ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) {\n"
- "-\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func))\n"
- "+\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func)) {\n"
- "+\t\t\tif (func = KEY_CHECK)\n"
+ " \tif ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) {\n"
+ "-\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func))\n"
+ "+\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func)) {\n"
+ "+\t\t\tif (func == KEY_CHECK)\n"
 "+\t\t\t\treturn ima_match_keyring(rule, keyring);\n"
 " \t\t\treturn true;\n"
 "+\t\t}\n"
@@ -349,4 +353,4 @@ "-- \n" 2.17.1 -4974213aa9dd2f04539ea3d30487fc8dc418b9f2bd83894c704e2bb15975b454 +a71ddfd6b5a66672967ffd6c579a3c6faa573a62a4e2c4fdf20e9a8979e1b712