Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 28fffa9066d48794171a0cd8bf37c5d6ee0dd834
commit28fffa9066d48794171a0cd8bf37c5d6ee0dd834[log] [tgz]
authorMimi Zohar <zohar@linux.vnet.ibm.com>Wed Nov 02 09:14:16 2016 -0400
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Wed Jun 06 16:44:33 2018 +0200
tree7a0a4b09740458c3b7009f005c627d44a34f7ba6
parent0f929c96926569416e9d1a1a81d1c4f59d8436aa [diff]
Revert "ima: limit file hash setting by user to fix and log modes"

commit f5acb3dcba1ffb7f0b8cbb9dba61500eea5d610b upstream.

Userspace applications have been modified to write security xattrs,
but they are not context aware.  In the case of security.ima, the
security xattr can be either a file hash or a file signature.
Permitting writing one, but not the other requires the application to
be context aware.

In addition, userspace applications might write files to a staging
area, which might not be in policy, and then change some file metadata
(eg. owner) making it in policy.  As a result, these files are not
labeled properly.

This reverts commit c68ed80c97d9720f51ef31fe91560fdd1e121533, which
prevents writing file hashes as security.ima xattrs.

Requested-by: Patrick Ohly <patrick.ohly@intel.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 7a0a4b09740458c3b7009f005c627d44a34f7ba6
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS