Re: [PATCH] firmware: improve LSM/IMA security behaviour

From: Mimi Zohar
Date: Mon Jun 17 2019 - 14:39:28 EST


On Mon, 2019-06-17 at 14:23 -0400, Sven Van Asbroeck wrote:
> The firmware loader queries if LSM/IMA permits it to load firmware
> via the sysfs fallback. Unfortunately, the code does the opposite:
> it expressly permits sysfs fw loading if security_kernel_load_data(
> LOADING_FIRMWARE) returns -EACCES. This happens because a
> zero-on-success return value is cast to a bool that's true on success.
>
> Fix the return value handling so we get the correct behaviour.

Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>