| Message ID | 1483677491-16445-1-git-send-email-jia.zhang@windriver.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, 2017-01-06 at 12:38 +0800, Lans Zhang wrote: > Otherwise some mask and inmask tokens with MAY_APPEND flag may not work > as expected. Thank you. In the future, please make sure scripts/checkpatch.pl doesn't complain. Mimi > Signed-off-by: Lans Zhang <jia.zhang@windriver.com> > --- > security/integrity/ima/ima_api.c | 3 ++- > security/integrity/ima/ima_main.c | 5 +++-- > 2 files changed, 5 insertions(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c > index 9df26a2..b827875 100644 > --- a/security/integrity/ima/ima_api.c > +++ b/security/integrity/ima/ima_api.c > @@ -157,7 +157,8 @@ void ima_add_violation(struct file *file, const unsigned char *filename, > /** > * ima_get_action - appraise & measure decision based on policy. > * @inode: pointer to inode to measure > - * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) > + * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, > + * MAY_APPEND) > * @func: caller identifier > * @pcr: pointer filled in if matched measure policy sets pcr= > * > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > index 50818c6..9fbcd8c 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -307,7 +307,7 @@ int ima_bprm_check(struct linux_binprm *bprm) > /** > * ima_path_check - based on policy, collect/store measurement. > * @file: pointer to the file to be measured > - * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE > + * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND > * > * Measure files based on the ima_must_measure() policy decision. > * > @@ -317,7 +317,8 @@ int ima_bprm_check(struct linux_binprm *bprm) > int ima_file_check(struct file *file, int mask, int opened) > { > return process_measurement(file, NULL, 0, > - mask & (MAY_READ | MAY_WRITE | MAY_EXEC), > + mask & (MAY_READ | MAY_WRITE | MAY_EXEC | > + MAY_APPEND), > FILE_CHECK, opened); > } > EXPORT_SYMBOL_GPL(ima_file_check); -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 9df26a2..b827875 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -157,7 +157,8 @@ void ima_add_violation(struct file *file, const unsigned char *filename, /** * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure - * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) + * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, + * MAY_APPEND) * @func: caller identifier * @pcr: pointer filled in if matched measure policy sets pcr= * diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 50818c6..9fbcd8c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -307,7 +307,7 @@ int ima_bprm_check(struct linux_binprm *bprm) /** * ima_path_check - based on policy, collect/store measurement. * @file: pointer to the file to be measured - * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE + * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND * * Measure files based on the ima_must_measure() policy decision. * @@ -317,7 +317,8 @@ int ima_bprm_check(struct linux_binprm *bprm) int ima_file_check(struct file *file, int mask, int opened) { return process_measurement(file, NULL, 0, - mask & (MAY_READ | MAY_WRITE | MAY_EXEC), + mask & (MAY_READ | MAY_WRITE | MAY_EXEC | + MAY_APPEND), FILE_CHECK, opened); } EXPORT_SYMBOL_GPL(ima_file_check);
Otherwise some mask and inmask tokens with MAY_APPEND flag may not work as expected. Signed-off-by: Lans Zhang <jia.zhang@windriver.com> --- security/integrity/ima/ima_api.c | 3 ++- security/integrity/ima/ima_main.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-)