[PATCH] ima: Fix return value of ima_write_policy()

From: Roberto Sassu
Date: Tue Apr 21 2020 - 05:07:48 EST

Next message: èåå: "[add Markus.Elfring in mail list]Re:[PATCH v2] amdgpu: fixes error branch not return errno issue"
Previous message: Wei Liu: "Re: [PATCH v2] x86/hyperv: Suspend/resume the VP assist page for hibernation"
Next in thread: Mimi Zohar: "Re: [PATCH] ima: Fix return value of ima_write_policy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Return datalen instead of zero if there is a rule to appraise the policy
but that rule is not enforced.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 19f8a84713edc ("ima: measure and appraise the IMA policy itself")
Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
---
security/integrity/ima/ima_fs.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index a71e822a6e92..2c2ea814b954 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -340,6 +340,8 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
1, 0);
if (ima_appraise & IMA_APPRAISE_ENFORCE)
result = -EACCES;
+ else
+ result = datalen;
} else {
result = ima_parse_add_rule(data);
}
--
2.17.1

Next message: èåå: "[add Markus.Elfring in mail list]Re:[PATCH v2] amdgpu: fixes error branch not return errno issue"
Previous message: Wei Liu: "Re: [PATCH v2] x86/hyperv: Suspend/resume the VP assist page for hibernation"
Next in thread: Mimi Zohar: "Re: [PATCH] ima: Fix return value of ima_write_policy()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]