diff options
| author | Olof Johansson <olof@lixom.net> | 2013-01-14 10:20:02 -0800 |
|---|---|---|
| committer | Olof Johansson <olof@lixom.net> | 2013-01-14 10:20:02 -0800 |
| commit | 8d84981e395850aab31c3f2ca7e2738e03f671d7 (patch) | |
| tree | 933425fddb23d28be802277471df3fe3f6c2711d /security/integrity | |
| parent | 00c82d64405631967dca3890a9ce80ab35d04cc7 (diff) | |
| parent | 77cc982f6a3b33a5aa058ad3b20cda8866db2948 (diff) | |
Merge branch 'clocksource/cleanup' into next/cleanup
Clockevent cleanup series from Shawn Guo.
Resolved move/change conflict in mach-pxa/time.c due to the sys_timer
cleanup.
* clocksource/cleanup:
clocksource: use clockevents_config_and_register() where possible
ARM: use clockevents_config_and_register() where possible
clockevents: export clockevents_config_and_register for module use
+ sync to Linux 3.8-rc3
Signed-off-by: Olof Johansson <olof@lixom.net>
Conflicts:
arch/arm/mach-pxa/time.c
Diffstat (limited to 'security/integrity')
| -rw-r--r-- | security/integrity/ima/ima.h | 1 | ||||
| -rw-r--r-- | security/integrity/ima/ima_main.c | 12 | ||||
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 3 |
3 files changed, 11 insertions, 5 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 3b2adb794f1..079a85dc37b 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -139,6 +139,7 @@ void ima_delete_rules(void); /* Appraise integrity measurements */ #define IMA_APPRAISE_ENFORCE 0x01 #define IMA_APPRAISE_FIX 0x02 +#define IMA_APPRAISE_MODULES 0x04 #ifdef CONFIG_IMA_APPRAISE int ima_appraise_measurement(struct integrity_iint_cache *iint, diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 45de18e9a6f..dba965de90d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -291,11 +291,15 @@ EXPORT_SYMBOL_GPL(ima_file_check); */ int ima_module_check(struct file *file) { - int rc; + int rc = 0; - if (!file) - rc = INTEGRITY_UNKNOWN; - else + if (!file) { + if (ima_appraise & IMA_APPRAISE_MODULES) { +#ifndef CONFIG_MODULE_SIG_FORCE + rc = -EACCES; /* INTEGRITY_UNKNOWN */ +#endif + } + } else rc = process_measurement(file, file->f_dentry->d_name.name, MAY_EXEC, MODULE_CHECK); return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index af7d182d5a4..479fca940bb 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -523,7 +523,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) } if (!result && (entry->action == UNKNOWN)) result = -EINVAL; - + else if (entry->func == MODULE_CHECK) + ima_appraise |= IMA_APPRAISE_MODULES; audit_log_format(ab, "res=%d", !result); audit_log_end(ab); return result; |