Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 42a4c603198f0d45b7aa936d3ac6ba1b8bd14a1b
commit42a4c603198f0d45b7aa936d3ac6ba1b8bd14a1b[log] [tgz]
authorMimi Zohar <zohar@linux.vnet.ibm.com>Mon Feb 29 08:30:12 2016 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>Sun May 01 09:23:52 2016 -0400
treefca744f08e4a7e7563ff5f691a9d75766853c654
parent39d637af5aa7577f655c58b9e55587566c63a0af [diff]
ima: fix ima_inode_post_setattr

Changing file metadata (eg. uid, guid) could result in having to
re-appraise a file's integrity, but does not change the "new file"
status nor the security.ima xattr.  The IMA_PERMIT_DIRECTIO and
IMA_DIGSIG_REQUIRED flags are policy rule specific.  This patch
only resets these flags, not the IMA_NEW_FILE or IMA_DIGSIG flags.

With this patch, changing the file timestamp will not remove the
file signature on new files.

Reported-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Tested-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
2 files changed
tree: fca744f08e4a7e7563ff5f691a9d75766853c654
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS