TononixOS/ubports_kernel_google_msm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

evm: add evm_inode_setattr to prevent updating an invalid security.evm

Browse Source 
Permit changing of security.evm only when valid, unless in fixmode.

Reported-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
This commit is contained in:
Mimi Zohar
2011-05-13 12:53:38 -04:00
parent 7102ebcd65
commit 817b54aa45
3 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
security/security.c
View File

@@ -571,9 +571,14 @@ int security_inode_exec_permission(struct inode *inode, unsigned int flags)
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
int ret;
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
return security_ops->inode_setattr(dentry, attr);
ret = security_ops->inode_setattr(dentry, attr);
if (ret)
return ret;
return evm_inode_setattr(dentry, attr);
}
EXPORT_SYMBOL_GPL(security_inode_setattr);