aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/genhd.h10
-rw-r--r--security/integrity/ima/ima_main.c3
-rw-r--r--security/integrity/ima/ima_policy.c11
3 files changed, 18 insertions, 6 deletions
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
index 79b8bba19363..9f3c275e053e 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -231,6 +231,12 @@ static inline void part_pack_uuid(const u8 *uuid_str, u8 *to)
231 } 231 }
232} 232}
233 233
234static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to)
235{
236 part_pack_uuid(uuid_str, to);
237 return 0;
238}
239
234static inline int disk_max_parts(struct gendisk *disk) 240static inline int disk_max_parts(struct gendisk *disk)
235{ 241{
236 if (disk->flags & GENHD_FL_EXT_DEVT) 242 if (disk->flags & GENHD_FL_EXT_DEVT)
@@ -718,6 +724,10 @@ static inline dev_t blk_lookup_devt(const char *name, int partno)
718 return devt; 724 return devt;
719} 725}
720 726
727static inline int blk_part_pack_uuid(const u8 *uuid_str, u8 *to)
728{
729 return -EINVAL;
730}
721#endif /* CONFIG_BLOCK */ 731#endif /* CONFIG_BLOCK */
722 732
723#endif /* _LINUX_GENHD_H */ 733#endif /* _LINUX_GENHD_H */
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 5127afcc4b89..5b14a0946d6e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -284,7 +284,8 @@ int ima_module_check(struct file *file)
284{ 284{
285 if (!file) { 285 if (!file) {
286#ifndef CONFIG_MODULE_SIG_FORCE 286#ifndef CONFIG_MODULE_SIG_FORCE
287 if (ima_appraise & IMA_APPRAISE_MODULES) 287 if ((ima_appraise & IMA_APPRAISE_MODULES) &&
288 (ima_appraise & IMA_APPRAISE_ENFORCE))
288 return -EACCES; /* INTEGRITY_UNKNOWN */ 289 return -EACCES; /* INTEGRITY_UNKNOWN */
289#endif 290#endif
290 return 0; /* We rely on module signature checking */ 291 return 0; /* We rely on module signature checking */
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index b27535a13a79..399433ad614e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
176 && rule->fsmagic != inode->i_sb->s_magic) 176 && rule->fsmagic != inode->i_sb->s_magic)
177 return false; 177 return false;
178 if ((rule->flags & IMA_FSUUID) && 178 if ((rule->flags & IMA_FSUUID) &&
179 memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) 179 memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
180 return false; 180 return false;
181 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) 181 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
182 return false; 182 return false;
@@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
530 ima_log_string(ab, "fsuuid", args[0].from); 530 ima_log_string(ab, "fsuuid", args[0].from);
531 531
532 if (memchr_inv(entry->fsuuid, 0x00, 532 if (memchr_inv(entry->fsuuid, 0x00,
533 sizeof(entry->fsuuid))) { 533 sizeof(entry->fsuuid))) {
534 result = -EINVAL; 534 result = -EINVAL;
535 break; 535 break;
536 } 536 }
537 537
538 part_pack_uuid(args[0].from, entry->fsuuid); 538 result = blk_part_pack_uuid(args[0].from,
539 entry->flags |= IMA_FSUUID; 539 entry->fsuuid);
540 result = 0; 540 if (!result)
541 entry->flags |= IMA_FSUUID;
541 break; 542 break;
542 case Opt_uid: 543 case Opt_uid:
543 ima_log_string(ab, "uid", args[0].from); 544 ima_log_string(ab, "uid", args[0].from);
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-30 18:13:43 -0500