diff for duplicates of <20191211164707.4698-6-nramas@linux.microsoft.com> diff --git a/a/1.txt b/N1/1.txt index f4e7d3f..184c531 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -98,10 +98,13 @@ index 610759fe63b8..f6bc00914aa5 100644 +++ b/security/integrity/ima/ima_api.c @@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename, * @func: caller identifier - * @pcr: pointer filled in if matched measure policy sets pcr * @template_desc: pointer filled in if matched measure policy sets template+ * @keyring: keyring name used to determine the action + * @pcr: pointer filled in if matched measure policy sets pcr= + * @template_desc: pointer filled in if matched measure policy sets template= ++ * @keyring: keyring name used to determine the action * * The policy is defined in terms of keypairs: - * subj=, obj=, type=, func=, mask=, fsmagic * subj,obj, and type: are LSM specific. + * subj=, obj=, type=, func=, mask=, fsmagic= + * subj,obj, and type: are LSM specific. * func: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK - * | KEXEC_CMDLINE + * | KEXEC_CMDLINE | KEY_CHECK @@ -140,7 +143,7 @@ index 300c8d2943c5..a9649b04b9f1 100644 static int ima_fix_xattr(struct dentry *dentry, @@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint, - if ((rc = -EPERM) && (iint->flags & IMA_MEASURE)) + if ((rc == -EPERM) && (iint->flags & IMA_MEASURE)) process_buffer_measurement(digest, digestsize, "blacklisted-hash", NONE, - pcr); @@ -177,7 +180,7 @@ index 9b35db2fc777..2272c3255c7d 100644 action = ima_get_action(inode, cred, secid, mask, func, &pcr, - &template_desc); + &template_desc, NULL); - violation_check = ((func = FILE_CHECK || func = MMAP_CHECK) && + violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && (ima_policy_flag & IMA_MEASURE)); if (!action && !violation_check) @@ -632,12 +632,13 @@ int ima_load_data(enum kernel_load_data_id id) 
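Review bot: The new `@keyring` kernel-doc line in the ima_api.c comment does not say whether the argument may be NULL, although the ima_main.c call later in this same diff passes `NULL` as the new last argument of `ima_get_action()`. A later hunk returns the result of `ima_match_keyring(rule, keyring, cred)` when `func == KEY_CHECK`, and that helper's body is not visible here, so its NULL handling cannot be confirmed from this page. If NULL is meant to be valid for callers that are not measuring keys, the doc line should say so, for example `* @keyring: keyring name used to determine the action, may be NULL`. The comment block starts and ends outside the hunk.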
@@ -292,10 +295,10 @@ index 1525a28fd705..cca87c499c4f 100644 { int i; - if ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) { -- if ((rule->flags & IMA_FUNC) && (rule->func = func)) -+ if ((rule->flags & IMA_FUNC) && (rule->func = func)) { -+ if (func = KEY_CHECK) + if ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) { +- if ((rule->flags & IMA_FUNC) && (rule->func == func)) ++ if ((rule->flags & IMA_FUNC) && (rule->func == func)) { ++ if (func == KEY_CHECK) + return ima_match_keyring(rule, keyring, cred); return true; + } diff --git a/a/content_digest b/N1/content_digest index f894782..8993935 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,7 +1,7 @@ "ref\020191211164707.4698-1-nramas@linux.microsoft.com\0" "From\0Lakshmi Ramasubramanian <nramas@linux.microsoft.com>\0" "Subject\0[PATCH v11 5/6] IMA: Add support to limit measuring keys\0" - "Date\0Wed, 11 Dec 2019 16:47:06 +0000\0" + "Date\0Wed, 11 Dec 2019 08:47:06 -0800\0" "To\0zohar@linux.ibm.com" " linux-integrity@vger.kernel.org\0" "Cc\0eric.snowberg@oracle.com" 
@@ -114,10 +114,13 @@ "+++ b/security/integrity/ima/ima_api.c\n" "@@ -169,12 +169,13 @@ void ima_add_violation(struct file *file, const unsigned char *filename,\n" " * @func: caller identifier\n" - " * @pcr: pointer filled in if matched measure policy sets pcr * @template_desc: pointer filled in if matched measure policy sets template+ * @keyring: keyring name used to determine the action\n" + " * @pcr: pointer filled in if matched measure policy sets pcr=\n" + " * @template_desc: pointer filled in if matched measure policy sets template=\n" + "+ * @keyring: keyring name used to determine the action\n" " *\n" " * The policy is defined in terms of keypairs:\n" - " *\t\tsubj=, obj=, type=, func=, mask=, fsmagic *\tsubj,obj, and type: are LSM specific.\n" + " *\t\tsubj=, obj=, type=, func=, mask=, fsmagic=\n" + " *\tsubj,obj, and type: are LSM specific.\n" " *\tfunc: FILE_CHECK | BPRM_CHECK | CREDS_CHECK | MMAP_CHECK | MODULE_CHECK\n" "- *\t| KEXEC_CMDLINE\n" "+ *\t| KEXEC_CMDLINE | KEY_CHECK\n" @@ -156,7 +159,7 @@ " \n" " static int ima_fix_xattr(struct dentry *dentry,\n" "@@ -330,7 +330,7 @@ int ima_check_blacklist(struct integrity_iint_cache *iint,\n" - " \t\tif ((rc = -EPERM) && (iint->flags & IMA_MEASURE))\n" + " \t\tif ((rc == -EPERM) && (iint->flags & IMA_MEASURE))\n" " \t\t\tprocess_buffer_measurement(digest, digestsize,\n" " \t\t\t\t\t\t \"blacklisted-hash\", NONE,\n" "-\t\t\t\t\t\t pcr);\n" @@ -193,7 +196,7 @@ " \taction = ima_get_action(inode, cred, secid, mask, func, &pcr,\n" "-\t\t\t\t&template_desc);\n" "+\t\t\t\t&template_desc, NULL);\n" - " \tviolation_check = ((func = FILE_CHECK || func = MMAP_CHECK) &&\n" + " \tviolation_check = ((func == FILE_CHECK || func == MMAP_CHECK) &&\n" " \t\t\t (ima_policy_flag & IMA_MEASURE));\n" " \tif (!action && !violation_check)\n" "@@ -632,12 +632,13 @@ int ima_load_data(enum kernel_load_data_id id)\n" 
@@ -308,10 +311,10 @@ " {\n" " \tint i;\n" " \n" - " \tif ((func = KEXEC_CMDLINE) || (func = KEY_CHECK)) {\n" - "-\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func))\n" - "+\t\tif ((rule->flags & IMA_FUNC) && (rule->func = func)) {\n" - "+\t\t\tif (func = KEY_CHECK)\n" + " \tif ((func == KEXEC_CMDLINE) || (func == KEY_CHECK)) {\n" + "-\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func))\n" + "+\t\tif ((rule->flags & IMA_FUNC) && (rule->func == func)) {\n" + "+\t\t\tif (func == KEY_CHECK)\n" "+\t\t\t\treturn ima_match_keyring(rule, keyring, cred);\n" " \t\t\treturn true;\n" "+\t\t}\n" @@ -350,4 +353,4 @@ "-- \n" 2.17.1 -e69ad48783c9cc46dc978db1c91f7957ea54edbb2f865d9628187723146b500b +9aaa72630dd457645ca5cd2990f21d85696e186b236cb87150e8e1a511c44c3a