Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-11-07 04:09:21 +00:00
Code Issues Projects Releases Wiki Activity

ima: "remove enforce checking duplication" merge fix

Browse source 
Commit "750943a ima: remove enforce checking duplication" combined
the 'in IMA policy' and 'enforcing file integrity' checks.  For
the non-file, kernel module verification, a specific check for
'enforcing file integrity' was not added.  This patch adds the
check.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
Mimi Zohar 2013-02-24 23:42:36 -05:00 committed by James Morris
parent ab7826595e
commit a2c2c3a71c
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
security/integrity/ima/ima_main.c
View file

@ -284,7 +284,8 @@ int ima_module_check(struct file *file)
{
if (!file) {
#ifndef CONFIG_MODULE_SIG_FORCE
if (ima_appraise & IMA_APPRAISE_MODULES)
if ((ima_appraise & IMA_APPRAISE_MODULES) &&
(ima_appraise & IMA_APPRAISE_ENFORCE))
return -EACCES; /* INTEGRITY_UNKNOWN */
#endif
return 0; /* We rely on module signature checking */