Re: [PATCH] firmware: improve LSM/IMA security behaviour

From: Mimi Zohar
Date: Mon Jun 17 2019 - 14:39:28 EST

Next message: Prakhar Srivastava: "[PATCH 1/3] IMA:Define a new hook to measure the kexec boot command line arguments"
Previous message: Jorge Ramirez: "[PATCH] regulator: qcom_spmi: add PMS405 SPMI regulator"
In reply to: Sven Van Asbroeck: "[PATCH] firmware: improve LSM/IMA security behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2019-06-17 at 14:23 -0400, Sven Van Asbroeck wrote:
> The firmware loader queries if LSM/IMA permits it to load firmware
> via the sysfs fallback. Unfortunately, the code does the opposite:
> it expressly permits sysfs fw loading if security_kernel_load_data(
> LOADING_FIRMWARE) returns -EACCES. This happens because a
> zero-on-success return value is cast to a bool that's true on success.
>
> Fix the return value handling so we get the correct behaviour.

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>

Next message: Prakhar Srivastava: "[PATCH 1/3] IMA:Define a new hook to measure the kexec boot command line arguments"
Previous message: Jorge Ramirez: "[PATCH] regulator: qcom_spmi: add PMS405 SPMI regulator"
In reply to: Sven Van Asbroeck: "[PATCH] firmware: improve LSM/IMA security behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]