GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-03-17 20:54:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

ima: Do not print policy rule with inactive LSM labels

Browse source 
commit 89677197ae upstream.

Before printing a policy rule scan for inactive LSM labels in the policy
rule. Inactive LSM labels are identified by args_p != NULL and
rule == NULL.

Fixes: 483ec26eed ("ima: ima/lsm policy rule loading logic bug fixes")
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Cc: <stable@vger.kernel.org> # v5.6+
Acked-by: Christian Brauner <brauner@kernel.org>
[zohar@linux.ibm.com: Updated "Fixes" tag]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Stefan Berger 2022-02-01 15:37:10 -05:00 committed by Justin Hammond
parent ab112a5868
commit 5c4a50fd1c
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
security/integrity/ima/ima_policy.c
View file

@ -1852,6 +1852,14 @@ int ima_policy_show(struct seq_file *m, void *v)
rcu_read_lock();
/* Do not print rules with inactive LSM labels */
for (i = 0; i < MAX_LSM_RULES; i++) {
if (entry->lsm[i].args_p && !entry->lsm[i].rule) {
rcu_read_unlock();
return 0;
}
}
if (entry->action & MEASURE)
seq_puts(m, pt(Opt_measure));
if (entry->action & DONT_MEASURE)