Merge tag 'integrity-v5.16' of git://git.kernel.org/pub/scm/linux/ker…

…nel/git/zohar/linux-integrity Pull integrity subsystem updates from Mimi Zohar: "Other than the new gid IMA policy rule support and the RCU locking fix, the couple of remaining changes are minor/trivial (e.g. __ro_after_init, replacing strscpy)" * tag 'integrity-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: evm: mark evm_fixmode as __ro_after_init ima: Use strscpy instead of strlcpy ima_policy: Remove duplicate 'the' in docs comment ima: add gid support ima: fix uid code style problems ima: fix deadlock when traversing "ima_default_rules".
ShawnCheung · Nov 2, 2021 · c150d66 · c150d66
2 parents 61f90a8 + 32ba540
commit c150d66
Show file tree

Hide file tree

Showing 4 changed files with 208 additions and 47 deletions.
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
@@ -22,8 +22,9 @@ Description:
 		  action: measure | dont_measure | appraise | dont_appraise |
 			  audit | hash | dont_hash
 		  condition:= base | lsm  [option]
-			base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [uid=]
-				[euid=] [fowner=] [fsname=]]
+			base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [fsname=]
+				[uid=] [euid=] [gid=] [egid=]
+				[fowner=] [fgroup=]]
 			lsm:	[[subj_user=] [subj_role=] [subj_type=]
 				 [obj_user=] [obj_role=] [obj_type=]]
 			option:	[[appraise_type=]] [template=] [permit_directio]
@@ -40,7 +41,10 @@ Description:
 			fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
 			uid:= decimal value
 			euid:= decimal value
+			gid:= decimal value
+			egid:= decimal value
 			fowner:= decimal value
+			fgroup:= decimal value
 		  lsm:  are LSM specific
 		  option:
 			appraise_type:= [imasig] [imasig|modsig]

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
@@ -78,7 +78,7 @@ static struct xattr_list evm_config_default_xattrnames[] = {
 
 LIST_HEAD(evm_config_xattrnames);
 
-static int evm_fixmode;
+static int evm_fixmode __ro_after_init;
 static int __init evm_set_fixmode(char *str)
 {
 	if (strncmp(str, "fix", 3) == 0)

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
@@ -403,7 +403,7 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
 	}
 
 	if (!pathname) {
-		strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX);
+		strscpy(namebuf, path->dentry->d_name.name, NAME_MAX);
 		pathname = namebuf;
 	}