From: dan.carpenter@oracle.com (Dan Carpenter)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v3 3/6] ima: refactor ima_init_policy()
Date: Fri, 21 Sep 2018 11:34:29 +0300
Message-ID: <20180921083429.c7sikis5bzxdifny@mwanda>
In-Reply-To: <20180919075522.7684-4-nayna@linux.vnet.ibm.com>
Hi Nayna,
Thank you for the patch! Perhaps something to improve:
url: https://github.com/0day-ci/linux/commits/Nayna-Jain/Add-support-for-architecture-specific-IMA-policies/20180920-035110
smatch warnings:
security/integrity/ima/ima_policy.c:489 add_rules() warn: should this be a bitwise op?
# https://github.com/0day-ci/linux/commit/84a2e186f940ebc6c34e6d276e55f665167a5bb8
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 84a2e186f940ebc6c34e6d276e55f665167a5bb8
vim +489 security/integrity/ima/ima_policy.c
6f0911a6 Mimi Zohar 2018-04-12 477
84a2e186 Nayna Jain 2018-09-19 478 static void add_rules(struct ima_rule_entry *entries, int count,
84a2e186 Nayna Jain 2018-09-19 479 enum policy_rule_list file)
84a2e186 Nayna Jain 2018-09-19 480 {
84a2e186 Nayna Jain 2018-09-19 481 int i = 0;
84a2e186 Nayna Jain 2018-09-19 482
84a2e186 Nayna Jain 2018-09-19 483 for (i = 0; i < count; i++) {
84a2e186 Nayna Jain 2018-09-19 484 struct ima_rule_entry *entry;
84a2e186 Nayna Jain 2018-09-19 485
84a2e186 Nayna Jain 2018-09-19 486 if (file && IMA_DEFAULT_POLICY)
^^^^^^^^^^^^^^^^^^^^^^^^^^
84a2e186 Nayna Jain 2018-09-19 487 list_add_tail(&entries[i].list, &ima_default_rules);
84a2e186 Nayna Jain 2018-09-19 488
84a2e186 Nayna Jain 2018-09-19 @489 if (file && IMA_CUSTOM_POLICY) {
^^^^^^^^^^^^^^^^^^^^^^^^^
It does look like it should be "if (file & IMA_CUSTOM_POLICY) {" but I
haven't looked at the context besides what's here in this email.
84a2e186 Nayna Jain 2018-09-19 490 entry = kmemdup(&entries[i], sizeof(*entry),
84a2e186 Nayna Jain 2018-09-19 491 GFP_KERNEL);
84a2e186 Nayna Jain 2018-09-19 492 if (!entry)
84a2e186 Nayna Jain 2018-09-19 493 continue;
84a2e186 Nayna Jain 2018-09-19 494
84a2e186 Nayna Jain 2018-09-19 495 INIT_LIST_HEAD(&entry->list);
84a2e186 Nayna Jain 2018-09-19 496 list_add_tail(&entry->list, &ima_policy_rules);
84a2e186 Nayna Jain 2018-09-19 497 }
84a2e186 Nayna Jain 2018-09-19 498 if (entries[i].action == APPRAISE)
84a2e186 Nayna Jain 2018-09-19 499 temp_ima_appraise |= ima_appraise_flag(entries[i].func);
84a2e186 Nayna Jain 2018-09-19 500 if (entries[i].func == POLICY_CHECK)
84a2e186 Nayna Jain 2018-09-19 501 temp_ima_appraise |= IMA_APPRAISE_POLICY;
84a2e186 Nayna Jain 2018-09-19 502 }
84a2e186 Nayna Jain 2018-09-19 503 }
84a2e186 Nayna Jain 2018-09-19 504
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
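An added illustration (not code from the patch or from this email) of what the smatch warning on add_rules() is about: a userspace model that counts how many rules each form of the test routes to the default and custom lists. The enum values and the `struct counts` helper are assumptions, since the email does not show the enum definition.

```c
#include <stdio.h>

/* Assumed flag values; the enum definition is not quoted in the email. */
enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY = 2 };

/* Hypothetical stand-in for the two kernel lists: just count insertions. */
struct counts { int def; int custom; };

/* As quoted: "file && CONSTANT" with a non-zero constant is just "file != 0",
 * so both branches run for any non-zero 'file'. */
static struct counts add_rules_logical(int count, enum policy_rule_list file)
{
	struct counts c = { 0, 0 };

	for (int i = 0; i < count; i++) {
		if (file && IMA_DEFAULT_POLICY)
			c.def++;
		if (file && IMA_CUSTOM_POLICY)
			c.custom++;
	}
	return c;
}

/* With the bitwise operator each branch tests only its own flag bit. */
static struct counts add_rules_bitwise(int count, enum policy_rule_list file)
{
	struct counts c = { 0, 0 };

	for (int i = 0; i < count; i++) {
		if (file & IMA_DEFAULT_POLICY)
			c.def++;
		if (file & IMA_CUSTOM_POLICY)
			c.custom++;
	}
	return c;
}

int main(void)
{
	struct counts l = add_rules_logical(3, IMA_DEFAULT_POLICY);
	struct counts b = add_rules_bitwise(3, IMA_DEFAULT_POLICY);

	printf("logical: default=%d custom=%d\n", l.def, l.custom);
	printf("bitwise: default=%d custom=%d\n", b.def, b.custom);
	return 0;
}
```

In this model a caller that asks only for the default list still gets every rule duplicated into the custom list when the logical operator is used.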
Thread overview: 9+ messages
2018-09-19 7:55 [PATCH v3 0/6] Add support for architecture specific IMA policies Nayna Jain
2018-09-19 7:55 ` [PATCH v3 1/6] x86/ima: define arch_ima_get_secureboot Nayna Jain
2018-09-19 7:55 ` [PATCH v3 2/6] ima: prevent kexec_load syscall based on runtime secureboot flag Nayna Jain
2018-09-19 7:55 ` [PATCH v3 3/6] ima: refactor ima_init_policy() Nayna Jain
2018-09-21 8:34 ` Dan Carpenter [this message]
2018-09-24 11:10 ` Nayna Jain
2018-09-19 7:55 ` [PATCH v3 4/6] ima: add support for arch specific policies Nayna Jain
2018-09-19 7:55 ` [PATCH v3 5/6] ima: add support for external setting of ima_appraise Nayna Jain
2018-09-19 7:55 ` [PATCH v3 6/6] x86/ima: define arch_get_ima_policy() for x86 Nayna Jain