
From: Zhang Tianxing <zhangtianxing3@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 603cc292bfe4328ba42ee3545bc167fce0de38d1.

Signed-off-by: Zhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: Xie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
---
 security/integrity/ima/ima_digest_list.c | 12 ------------
 security/integrity/ima/ima_fs.c | 11 +----------
 2 files changed, 1 insertion(+), 22 deletions(-)

diff --git a/security/integrity/ima/ima_digest_list.c b/security/integrity/ima/ima_digest_list.c
index 9384affe8b30..2d7148ff09c1 100644
--- a/security/integrity/ima/ima_digest_list.c
+++ b/security/integrity/ima/ima_digest_list.c
@@ -89,9 +89,6 @@ struct ima_digest *ima_lookup_digest(u8 *digest, enum hash_algo algo,
 int digest_len = hash_digest_size[algo];
 unsigned int key = ima_hash_key(digest);

- if (&init_ima_ns != get_current_ns())
- return NULL;
-
 rcu_read_lock();
 hlist_for_each_entry_rcu(d, &ima_digests_htable.queue[key], hnext)
 if (d->algo == algo && d->type == type &&
@@ -176,9 +173,6 @@ int ima_parse_compact_list(loff_t size, void *buf, int op)
 size_t digest_len;
 int ret = 0, i;

- if (&init_ima_ns != get_current_ns())
- return -EACCES;
-
 if (!(ima_digest_list_actions & init_policy_data.ima_policy_flag))
 return -EACCES;

@@ -251,9 +245,6 @@ void ima_check_measured_appraised(struct file *file)
 {
 struct integrity_iint_cache *iint;

- if (&init_ima_ns != get_current_ns())
- return;
-
 if (!ima_digest_list_actions)
 return;

@@ -290,9 +281,6 @@ void ima_check_measured_appraised(struct file *file)

 struct ima_digest *ima_digest_allow(struct ima_digest *digest, int action)
 {
- if (&init_ima_ns != get_current_ns())
- return NULL;
-
 if (!(ima_digest_list_actions & action))
 return NULL;

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 00cd8095d346..d9c7e1d6d543 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -60,17 +60,11 @@ static int valid_policy = 1;

 static int ima_open_simple(struct inode *inode, struct file *file)
 {
- struct dentry *dentry = file_dentry(file);
 struct ima_namespace *ima_ns = get_current_ns();

 if (!ns_capable(ima_ns->user_ns, CAP_SYS_ADMIN))
 return -EPERM;

- if (dentry == digests_count) {
- if (&init_ima_ns != get_current_ns())
- return -EACCES;
- }
-
 return 0;
 }

@@ -562,12 +556,9 @@ static int ima_open_data_upload(struct inode *inode, struct file *filp)
 if (test_and_set_bit(flag, &ima_fs_flags))
 return -EBUSY;

- if (dentry == digest_list_data || dentry == digest_list_data_del) {
- if (&init_ima_ns != get_current_ns())
- return -EACCES;
+ if (dentry == digest_list_data || dentry == digest_list_data_del)
 if (ima_check_current_is_parser())
 ima_set_parser();
- }

 return 0;
 }
-- 
2.20.1
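Review bot: With the `&init_ima_ns != get_current_ns()` rejection dropped from the `digest_list_data` / `digest_list_data_del` branch of ima_open_data_upload, nothing visible in this hunk confines digest-list uploads to the initial IMA namespace. The same guard is removed from ima_open_simple and from ima_lookup_digest, ima_parse_compact_list, ima_check_measured_appraised and ima_digest_allow in the other hunks. ima_open_simple is then left with only `ns_capable(ima_ns->user_ns, CAP_SYS_ADMIN)` against the caller's own namespace, which presumably passes for root inside a non-initial user namespace. The commit message gives no reason for the revert, so it should say whether the namespace support these guards relied on is reverted in the same series, or which remaining check keeps digest-list writes on the host. As a style point, the restored outer `if` wraps a nested `if` without braces, where kernel style would keep `if (dentry == digest_list_data || dentry == digest_list_data_del) {` and its closing `}`. ima_open_data_upload begins before this hunk, so any earlier capability check is not visible here.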