diff options
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4759d0f99335..49998f90e441 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -261,7 +261,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 261 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); | 261 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); |
| 262 | 262 | ||
| 263 | entry->action = -1; | 263 | entry->action = -1; |
| 264 | while ((p = strsep(&rule, " \n")) != NULL) { | 264 | while ((p = strsep(&rule, " ")) != NULL) { |
| 265 | substring_t args[MAX_OPT_ARGS]; | 265 | substring_t args[MAX_OPT_ARGS]; |
| 266 | int token; | 266 | int token; |
| 267 | unsigned long lnum; | 267 | unsigned long lnum; |
| @@ -269,7 +269,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 269 | if (result < 0) | 269 | if (result < 0) |
| 270 | break; | 270 | break; |
| 271 | if (!*p) | 271 | if (!*p) |
| 272 | continue; | 272 | break; |
| 273 | token = match_token(p, policy_tokens, args); | 273 | token = match_token(p, policy_tokens, args); |
| 274 | switch (token) { | 274 | switch (token) { |
| 275 | case Opt_measure: | 275 | case Opt_measure: |
| @@ -373,7 +373,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 373 | if (entry->action == UNKNOWN) | 373 | if (entry->action == UNKNOWN) |
| 374 | result = -EINVAL; | 374 | result = -EINVAL; |
| 375 | 375 | ||
| 376 | audit_log_format(ab, "res=%d", !result ? 0 : 1); | 376 | audit_log_format(ab, "res=%d", !!result); |
| 377 | audit_log_end(ab); | 377 | audit_log_end(ab); |
| 378 | return result; | 378 | return result; |
| 379 | } | 379 | } |
| @@ -383,13 +383,14 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
| 383 | * @rule - ima measurement policy rule | 383 | * @rule - ima measurement policy rule |
| 384 | * | 384 | * |
| 385 | * Uses a mutex to protect the policy list from multiple concurrent writers. | 385 | * Uses a mutex to protect the policy list from multiple concurrent writers. |
| 386 | * Returns 0 on success, an error code on failure. | 386 | * Returns the length of the rule parsed, an error code on failure |
| 387 | */ | 387 | */ |
| 388 | int ima_parse_add_rule(char *rule) | 388 | ssize_t ima_parse_add_rule(char *rule) |
| 389 | { | 389 | { |
| 390 | const char *op = "update_policy"; | 390 | const char *op = "update_policy"; |
| 391 | char *p; | ||
| 391 | struct ima_measure_rule_entry *entry; | 392 | struct ima_measure_rule_entry *entry; |
| 392 | int result = 0; | 393 | ssize_t result, len; |
| 393 | int audit_info = 0; | 394 | int audit_info = 0; |
| 394 | 395 | ||
| 395 | /* Prevent installed policy from changing */ | 396 | /* Prevent installed policy from changing */ |
| @@ -409,8 +410,11 @@ int ima_parse_add_rule(char *rule) | |||
| 409 | 410 | ||
| 410 | INIT_LIST_HEAD(&entry->list); | 411 | INIT_LIST_HEAD(&entry->list); |
| 411 | 412 | ||
| 412 | result = ima_parse_rule(rule, entry); | 413 | p = strsep(&rule, "\n"); |
| 414 | len = strlen(p) + 1; | ||
| 415 | result = ima_parse_rule(p, entry); | ||
| 413 | if (!result) { | 416 | if (!result) { |
| 417 | result = len; | ||
| 414 | mutex_lock(&ima_measure_mutex); | 418 | mutex_lock(&ima_measure_mutex); |
| 415 | list_add_tail(&entry->list, &measure_policy_rules); | 419 | list_add_tail(&entry->list, &measure_policy_rules); |
| 416 | mutex_unlock(&ima_measure_mutex); | 420 | mutex_unlock(&ima_measure_mutex); |