Message ID | 20190529133035.28724-4-roberto.sassu@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | ima/evm fixes for v5.2 | expand |
On Wed, 2019-05-29 at 15:30 +0200, Roberto Sassu wrote:
> Show the '^' character when a policy rule has flag IMA_INMASK.
>
> Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy")
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> Cc: stable@vger.kernel.org
Thanks, queued.
> ---
> security/integrity/ima/ima_policy.c | 21 ++++++++++++---------
> 1 file changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index e0cc323f948f..ae4034f041c4 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -1146,10 +1146,10 @@ enum {
> };
>
> static const char *const mask_tokens[] = {
> - "MAY_EXEC",
> - "MAY_WRITE",
> - "MAY_READ",
> - "MAY_APPEND"
> + "^MAY_EXEC",
> + "^MAY_WRITE",
> + "^MAY_READ",
> + "^MAY_APPEND"
> };
>
> #define __ima_hook_stringify(str) (#str),
> @@ -1209,6 +1209,7 @@ int ima_policy_show(struct seq_file *m, void *v)
> struct ima_rule_entry *entry = v;
> int i;
> char tbuf[64] = {0,};
> + int offset = 0;
>
> rcu_read_lock();
>
> @@ -1232,15 +1233,17 @@ int ima_policy_show(struct seq_file *m, void *v)
> if (entry->flags & IMA_FUNC)
> policy_func_show(m, entry->func);
>
> - if (entry->flags & IMA_MASK) {
> + if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) {
> + if (entry->flags & IMA_MASK)
> + offset = 1;
> if (entry->mask & MAY_EXEC)
> - seq_printf(m, pt(Opt_mask), mt(mask_exec));
> + seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset);
> if (entry->mask & MAY_WRITE)
> - seq_printf(m, pt(Opt_mask), mt(mask_write));
> + seq_printf(m, pt(Opt_mask), mt(mask_write) + offset);
> if (entry->mask & MAY_READ)
> - seq_printf(m, pt(Opt_mask), mt(mask_read));
> + seq_printf(m, pt(Opt_mask), mt(mask_read) + offset);
> if (entry->mask & MAY_APPEND)
> - seq_printf(m, pt(Opt_mask), mt(mask_append));
> + seq_printf(m, pt(Opt_mask), mt(mask_append) + offset);
> seq_puts(m, " ");
> }
>
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index e0cc323f948f..ae4034f041c4 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -1146,10 +1146,10 @@ enum {
 };

 static const char *const mask_tokens[] = {
- "MAY_EXEC",
- "MAY_WRITE",
- "MAY_READ",
- "MAY_APPEND"
+ "^MAY_EXEC",
+ "^MAY_WRITE",
+ "^MAY_READ",
+ "^MAY_APPEND"
 };

 #define __ima_hook_stringify(str) (#str),
@@ -1209,6 +1209,7 @@ int ima_policy_show(struct seq_file *m, void *v)
 struct ima_rule_entry *entry = v;
 int i;
 char tbuf[64] = {0,};
+ int offset = 0;

 rcu_read_lock();

@@ -1232,15 +1233,17 @@ int ima_policy_show(struct seq_file *m, void *v)
 if (entry->flags & IMA_FUNC)
 policy_func_show(m, entry->func);

- if (entry->flags & IMA_MASK) {
+ if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) {
+ if (entry->flags & IMA_MASK)
+ offset = 1;
 if (entry->mask & MAY_EXEC)
- seq_printf(m, pt(Opt_mask), mt(mask_exec));
+ seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset);
 if (entry->mask & MAY_WRITE)
- seq_printf(m, pt(Opt_mask), mt(mask_write));
+ seq_printf(m, pt(Opt_mask), mt(mask_write) + offset);
 if (entry->mask & MAY_READ)
- seq_printf(m, pt(Opt_mask), mt(mask_read));
+ seq_printf(m, pt(Opt_mask), mt(mask_read) + offset);
 if (entry->mask & MAY_APPEND)
- seq_printf(m, pt(Opt_mask), mt(mask_append));
+ seq_printf(m, pt(Opt_mask), mt(mask_append) + offset);
 seq_puts(m, " ");
 }
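Review bot: The `+ offset` arithmetic in the third hunk silently depends on every `mask_tokens[]` entry beginning with '^', and nothing in the first hunk records that convention. A token added later without the prefix would be printed with its first character cut off for IMA_MASK rules, so the policy read back would no longer match the rule that was loaded. A comment above the array would pin the contract, for example `/* Each token starts with '^': printed as-is for IMA_INMASK, skipped (offset 1) for IMA_MASK. */`. Both the array's surroundings and the body of ima_policy_show() extend beyond the lines shown in these hunks.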
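Review bot: In the third hunk `offset = 1` is chosen whenever IMA_MASK is set, so a rule carrying both IMA_MASK and IMA_INMASK would be displayed without the '^', i.e. as an exact-match rule. The rule parser is not visible here and may never set both flags, but since this output is what an administrator audits, the precedence deserves a one-line comment next to the assignment. As a point of style, the outer test reads more directly as `if (entry->flags & (IMA_MASK | IMA_INMASK)) {`, and `offset` is only used inside that block, so it could be declared there instead of at the top of ima_policy_show().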
Show the '^' character when a policy rule has flag IMA_INMASK. Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Cc: stable@vger.kernel.org --- security/integrity/ima/ima_policy.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-)