From: Zhang Tianxing zhangtianxing3@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA
--------------------------------
This reverts commit 603cc292bfe4328ba42ee3545bc167fce0de38d1.
Signed-off-by: Zhang Tianxing zhangtianxing3@huawei.com Acked-by: Xie XiuQi xiexiuqi@huawei.com Acked-by: Xiu Jianfengxiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- security/integrity/ima/ima_digest_list.c | 12 ------------ security/integrity/ima/ima_fs.c | 11 +---------- 2 files changed, 1 insertion(+), 22 deletions(-)
diff --git a/security/integrity/ima/ima_digest_list.c b/security/integrity/ima/ima_digest_list.c
index 9384affe8b30..2d7148ff09c1 100644
--- a/security/integrity/ima/ima_digest_list.c
+++ b/security/integrity/ima/ima_digest_list.c
@@ -89,9 +89,6 @@ struct ima_digest *ima_lookup_digest(u8 *digest, enum hash_algo algo,
int digest_len = hash_digest_size[algo];
unsigned int key = ima_hash_key(digest);
- if (&init_ima_ns != get_current_ns())
- return NULL;
-
rcu_read_lock();
hlist_for_each_entry_rcu(d, &ima_digests_htable.queue[key], hnext)
if (d->algo == algo && d->type == type &&
@@ -176,9 +173,6 @@ int ima_parse_compact_list(loff_t size, void *buf, int op)
size_t digest_len;
int ret = 0, i;
- if (&init_ima_ns != get_current_ns())
- return -EACCES;
-
if (!(ima_digest_list_actions & init_policy_data.ima_policy_flag))
return -EACCES;
@@ -251,9 +245,6 @@ void ima_check_measured_appraised(struct file *file)
{
struct integrity_iint_cache *iint;
- if (&init_ima_ns != get_current_ns())
- return;
-
if (!ima_digest_list_actions)
return;
@@ -290,9 +281,6 @@ void ima_check_measured_appraised(struct file *file)
struct ima_digest *ima_digest_allow(struct ima_digest *digest, int action)
{
- if (&init_ima_ns != get_current_ns())
- return NULL;
-
if (!(ima_digest_list_actions & action))
return NULL;
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 00cd8095d346..d9c7e1d6d543 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -60,17 +60,11 @@ static int valid_policy = 1;
static int ima_open_simple(struct inode *inode, struct file *file)
{
- struct dentry *dentry = file_dentry(file);
struct ima_namespace *ima_ns = get_current_ns();
if (!ns_capable(ima_ns->user_ns, CAP_SYS_ADMIN))
return -EPERM;
- if (dentry == digests_count) {
- if (&init_ima_ns != get_current_ns())
- return -EACCES;
- }
-
return 0;
}
@@ -562,12 +556,9 @@ static int ima_open_data_upload(struct inode *inode, struct file *filp)
if (test_and_set_bit(flag, &ima_fs_flags))
return -EBUSY;
- if (dentry == digest_list_data || dentry == digest_list_data_del) {
- if (&init_ima_ns != get_current_ns())
- return -EACCES;
+ if (dentry == digest_list_data || dentry == digest_list_data_del)
if (ima_check_current_is_parser())
ima_set_parser();
- }
return 0;
}
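Review bot: Nothing visible on the new side keeps a caller in a non-init IMA namespace out of the `digest_list_data` / `digest_list_data_del` branch, which now goes straight to `ima_check_current_is_parser()` and `ima_set_parser()`, and the commit message gives no reason for dropping the `init_ima_ns` guard or where that restriction is enforced instead. The same guard is removed from `ima_open_simple()`, leaving only `ns_capable(ima_ns->user_ns, CAP_SYS_ADMIN)` with `ima_ns` taken from `get_current_ns()`, which appears to check the capability relative to the caller's own namespace, and from the four functions in ima_digest_list.c. If digest lists are meant to stay init-namespace-only the check should remain; otherwise a comment above this branch such as `/* digest lists are shared across IMA namespaces; access is gated by <check> */` would record the decision. The start of ima_open_data_upload() lies outside the hunk, so an earlier check there cannot be ruled out.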