| From 8cdc23a3d9ec0944000ad43bad588e36afdc38cd Mon Sep 17 00:00:00 2001 |
| From: Roberto Sassu <roberto.sassu@huawei.com> |
| Date: Wed, 29 May 2019 15:30:35 +0200 |
| Subject: ima: show rules with IMA_INMASK correctly |
| |
| From: Roberto Sassu <roberto.sassu@huawei.com> |
| |
| commit 8cdc23a3d9ec0944000ad43bad588e36afdc38cd upstream. |
| |
| Show the '^' character when a policy rule has flag IMA_INMASK. |
| |
| Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy") |
| Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| security/integrity/ima/ima_policy.c | 21 ++++++++++++--------- |
| 1 file changed, 12 insertions(+), 9 deletions(-) |
| |
| --- a/security/integrity/ima/ima_policy.c |
| +++ b/security/integrity/ima/ima_policy.c |
| @@ -1059,10 +1059,10 @@ enum { |
| }; |
| |
| static const char *const mask_tokens[] = { |
| - "MAY_EXEC", |
| - "MAY_WRITE", |
| - "MAY_READ", |
| - "MAY_APPEND" |
| + "^MAY_EXEC", |
| + "^MAY_WRITE", |
| + "^MAY_READ", |
| + "^MAY_APPEND" |
| }; |
| |
| #define __ima_hook_stringify(str) (#str), |
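Review bot: Nothing at `mask_tokens[]` records that the leading '^' is now load-bearing. The last hunk of this patch prints `mt(...) + offset` with `offset = 1` to skip that character for IMA_MASK rules, so every entry must begin with exactly one '^'. A token added later without the prefix would lose its first letter for IMA_MASK rules, and the policy read back would no longer match the rule that was loaded. I would add a comment above the table, e.g. `/* Each token starts with '^' (IMA_INMASK form); ima_policy_show() skips it for IMA_MASK rules. */`. The enum indexing this table and the `mt()` macro are outside the hunk.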
| @@ -1122,6 +1122,7 @@ int ima_policy_show(struct seq_file *m, |
| struct ima_rule_entry *entry = v; |
| int i; |
| char tbuf[64] = {0,}; |
| + int offset = 0; |
| |
| rcu_read_lock(); |
| |
| @@ -1145,15 +1146,17 @@ int ima_policy_show(struct seq_file *m, |
| if (entry->flags & IMA_FUNC) |
| policy_func_show(m, entry->func); |
| |
| - if (entry->flags & IMA_MASK) { |
| + if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) { |
| + if (entry->flags & IMA_MASK) |
| + offset = 1; |
| if (entry->mask & MAY_EXEC) |
| - seq_printf(m, pt(Opt_mask), mt(mask_exec)); |
| + seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset); |
| if (entry->mask & MAY_WRITE) |
| - seq_printf(m, pt(Opt_mask), mt(mask_write)); |
| + seq_printf(m, pt(Opt_mask), mt(mask_write) + offset); |
| if (entry->mask & MAY_READ) |
| - seq_printf(m, pt(Opt_mask), mt(mask_read)); |
| + seq_printf(m, pt(Opt_mask), mt(mask_read) + offset); |
| if (entry->mask & MAY_APPEND) |
| - seq_printf(m, pt(Opt_mask), mt(mask_append)); |
| + seq_printf(m, pt(Opt_mask), mt(mask_append) + offset); |
| seq_puts(m, " "); |
| } |
| |
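Review bot: The new condition accepts a rule with either flag, but the inner `if (entry->flags & IMA_MASK) offset = 1;` means a rule carrying both IMA_MASK and IMA_INMASK is printed without the '^'. Whether the parser can ever set both is not visible in this hunk; presumably it cannot. Since this output is what an administrator reads to audit the loaded policy, the precedence should be stated at the assignment, e.g. `/* IMA_MASK and IMA_INMASK are expected to be mutually exclusive; IMA_MASK wins and the '^' prefix is skipped. */`. The body of ima_policy_show() begins and ends outside this hunk.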