summaryrefslogtreecommitdiffstats
path: root/security/integrity/ima
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2020-10-02 19:38:25 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2020-10-05 13:37:04 +0200
commit0fa8e084648779eeb8929ae004301b3acf3bad84 (patch)
treeebfed647c8f2a43a0967ba127c7e75df36909cba /security/integrity/ima
parentIMA: Add support for file reads without contents (diff)
downloadlinux-0fa8e084648779eeb8929ae004301b3acf3bad84.tar.xz
linux-0fa8e084648779eeb8929ae004301b3acf3bad84.zip
fs/kernel_file_read: Add "offset" arg for partial reads
To perform partial reads, callers of kernel_read_file*() must have a non-NULL file_size argument and a preallocated buffer. The new "offset" argument can then be used to seek to specific locations in the file to fill the buffer to, at most, "buf_size" per call. Where possible, the LSM hooks can report whether a full file has been read or not so that the contents can be reasoned about. Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20201002173828.2099543-14-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r--security/integrity/ima/ima_fs.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 5fc56ccb6678..ea8ff8a07b36 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -284,7 +284,8 @@ static ssize_t ima_read_policy(char *path)
datap = path;
strsep(&datap, "\n");
- rc = kernel_read_file_from_path(path, &data, INT_MAX, NULL, READING_POLICY);
+ rc = kernel_read_file_from_path(path, 0, &data, INT_MAX, NULL,
+ READING_POLICY);
if (rc < 0) {
pr_err("Unable to open file: %s (%d)", path, rc);
return rc;