diff options
author | Mark Brown <broonie@kernel.org> | 2014-11-14 18:09:04 +0000 |
---|---|---|
committer | Mark Brown <broonie@kernel.org> | 2014-11-14 18:09:04 +0000 |
commit | 4f41964e046a17586c216f74f14bd97b3e5164c9 (patch) | |
tree | e0f206d1e5be4b526336c4037e74f08f1fda39ac /security | |
parent | 3251b2cdb9959eb46bd9b9fa9fb3c470eaf464b3 (diff) | |
parent | 11a266d2e5e6b73bfba337fb3ef21c8fd4fa4150 (diff) |
Merge branch 'linux-linaro-lsk-v3.14' into linux-linaro-lsk-v3.14-android
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/evm/evm_main.c | 16 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 |
2 files changed, 14 insertions, 4 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 3c5cbb977254..7e71e066198f 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -269,6 +269,13 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, goto out; } evm_status = evm_verify_current_integrity(dentry); + if (evm_status == INTEGRITY_NOXATTRS) { + struct integrity_iint_cache *iint; + + iint = integrity_iint_find(dentry->d_inode); + if (iint && (iint->flags & IMA_NEW_FILE)) + return 0; + } out: if (evm_status != INTEGRITY_PASS) integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, @@ -296,9 +303,12 @@ int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name, { const struct evm_ima_xattr_data *xattr_data = xattr_value; - if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0) - && (xattr_data->type == EVM_XATTR_HMAC)) - return -EPERM; + if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) { + if (!xattr_value_len) + return -EINVAL; + if (xattr_data->type != EVM_IMA_XATTR_DIGSIG) + return -EPERM; + } return evm_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2af241e1cc7c..cefb65c9b9de 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -470,6 +470,7 @@ next_inode: list_entry(sbsec->isec_head.next, struct inode_security_struct, list); struct inode *inode = isec->inode; + list_del_init(&isec->list); spin_unlock(&sbsec->isec_lock); inode = igrab(inode); if (inode) { @@ -478,7 +479,6 @@ next_inode: iput(inode); } spin_lock(&sbsec->isec_lock); - list_del_init(&isec->list); goto next_inode; } spin_unlock(&sbsec->isec_lock); |