diff options
author | Kevin Hilman <khilman@linaro.org> | 2015-08-10 10:31:26 -0700 |
---|---|---|
committer | Kevin Hilman <khilman@linaro.org> | 2015-08-10 10:31:26 -0700 |
commit | fffb1d2b9e7ded3277113d61aefa57a6430bc4ac (patch) | |
tree | ad3db15ed2c0c199cc559a0fbca6d6dfd1d68c3b /security | |
parent | 7c29714d4bf7bc3fb3b5460eb020f7ebf3e2918a (diff) | |
parent | cec285f5fdb58cc760d0b882f9a2d94d7ff21a8a (diff) |
Merge branch 'linux-linaro-lsk-v3.18' into linux-linaro-lsk-v3.18-android
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/evm/evm_main.c | 12 | ||||
-rw-r--r-- | security/keys/keyring.c | 8 |
2 files changed, 17 insertions, 3 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index c5ee1a7c5e8a..4ada1a97a60b 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -22,6 +22,7 @@ #include <linux/xattr.h> #include <linux/integrity.h> #include <linux/evm.h> +#include <linux/magic.h> #include <crypto/hash.h> #include "evm.h" @@ -291,6 +292,17 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, iint = integrity_iint_find(dentry->d_inode); if (iint && (iint->flags & IMA_NEW_FILE)) return 0; + + /* exception for pseudo filesystems */ + if (dentry->d_inode->i_sb->s_magic == TMPFS_MAGIC + || dentry->d_inode->i_sb->s_magic == SYSFS_MAGIC) + return 0; + + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, + dentry->d_inode, dentry->d_name.name, + "update_metadata", + integrity_status_msg[evm_status], + -EPERM, 0); } out: if (evm_status != INTEGRITY_PASS) diff --git a/security/keys/keyring.c b/security/keys/keyring.c index e72548b5897e..d33437007ad2 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring, if (index_key->type == &key_type_keyring) up_write(&keyring_serialise_link_sem); - if (edit && !edit->dead_leaf) { - key_payload_reserve(keyring, - keyring->datalen - KEYQUOTA_LINK_BYTES); + if (edit) { + if (!edit->dead_leaf) { + key_payload_reserve(keyring, + keyring->datalen - KEYQUOTA_LINK_BYTES); + } assoc_array_cancel_edit(edit); } up_write(&keyring->sem); |