unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../security/integrity
History
Dmitry Kasatkin 09b1148ef5 ima: fix erroneous removal of security.ima xattr 
ima_inode_post_setattr() calls ima_must_appraise() to check if the
file needs to be appraised. If it does not then it removes security.ima
xattr. With original policy matching code it might happen that even
file needs to be appraised with FILE_CHECK hook, it might not be
for POST_SETATTR hook. 'security.ima' might be erronously removed.

This patch treats POST_SETATTR as special wildcard function and will
cause ima_must_appraise() to be true if any of the hooks rules matches.
security.ima will not be removed if any of the hooks would require
appraisal.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2014-03-07 12:15:44 -05:00
..
evm security: integrity: Use a more current logging style 2014-03-07 12:15:21 -05:00
ima ima: fix erroneous removal of security.ima xattr 2014-03-07 12:15:44 -05:00
digsig.c Revert "ima: define '_ima' as a builtin 'trusted' keyring" 2013-11-23 16:36:35 -08:00
digsig_asymmetric.c ima: read and use signature hash algorithm 2013-10-25 17:16:59 -04:00
iint.c ima: use dynamically allocated hash storage 2013-10-25 17:17:00 -04:00
integrity.h Revert "ima: define '_ima' as a builtin 'trusted' keyring" 2013-11-23 16:36:35 -08:00
integrity_audit.c Integrity: Pass commname via get_task_comm() 2014-03-07 11:32:28 -05:00
Kconfig integrity: move integrity_audit_msg() 2013-06-20 07:47:49 -04:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00