authorTyler Hicks <tyhicks@linux.microsoft.com>2020-07-09 08:19:07 +0200
committerMimi Zohar <zohar@linux.ibm.com>2020-07-20 19:28:13 +0200
commit39e5993d0d452b9ef612f2fcf7ca77ff319438f4 (patch)
tree3f2b9a3d2436a1118ef52b387ca497f4d4bdc2bf /security
parentima: Fail rule parsing when appraise_flag=blacklist is unsupportable (diff)
ima: Shallow copy the args_p member of ima_rule_entry.lsm elements
The args_p member is a simple string that is allocated by ima_rule_init(). Shallow copy it like other non-LSM references in ima_rule_entry structs. There are no longer any necessary error path cleanups to do in ima_lsm_copy_rule(). Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_policy.c18
1 files changed, 8 insertions, 10 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index cf3ddb38dfa8..86ccd0076e71 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -300,10 +300,13 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
continue;
nentry->lsm[i].type = entry->lsm[i].type;
- nentry->lsm[i].args_p = kstrdup(entry->lsm[i].args_p,
- GFP_KERNEL);
- if (!nentry->lsm[i].args_p)
- goto out_err;
+ nentry->lsm[i].args_p = entry->lsm[i].args_p;
+ /*
+ * Remove the reference from entry so that the associated
+ * memory will not be freed during a later call to
+ * ima_lsm_free_rule(entry).
+ */
+ entry->lsm[i].args_p = NULL;
security_filter_rule_init(nentry->lsm[i].type,
Audit_equal,
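Review bot: The new `entry->lsm[i].args_p = NULL;` makes ima_lsm_copy_rule() write to the rule it is copying from, so args_p is moved rather than copied, and the added comment covers only the later free, not what else may still read `entry`. If `entry` is still reachable by concurrent readers when this runs (the caller is outside the hunk, so this is an inference), they would see args_p vanish while the old `rule` pointer is unchanged, and any matching logic that tests args_p could evaluate the rule differently during the update window. I would state the contract in the comment, for example `/* Ownership of args_p moves to nentry; the caller must unpublish entry and only free it afterwards. */`, and confirm that the caller's ordering provides it. The shallow copy also relies on ima_lsm_free_rule(entry) tolerating a NULL args_p, which is worth checking since that function is not shown here. The body of ima_lsm_copy_rule() starts above this hunk and continues below it.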
@@ -311,14 +314,9 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
&nentry->lsm[i].rule);
if (!nentry->lsm[i].rule)
pr_warn("rule for LSM \'%s\' is undefined\n",
- (char *)entry->lsm[i].args_p);
+ (char *)nentry->lsm[i].args_p);
}
return nentry;
-
-out_err:
- ima_lsm_free_rule(nentry);
- kfree(nentry);
- return NULL;
}
static int ima_lsm_update_rule(struct ima_rule_entry *entry)