Merge tag 'integrity-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

torvalds · torvalds · commit c150d66bd514 · 2021-11-02T10:51:28.000-07:00
Pull integrity subsystem updates from Mimi Zohar:
 "Other than the new gid IMA policy rule support and the RCU locking
  fix, the couple of remaining changes are minor/trivial (e.g.
  __ro_after_init, replacing strscpy)"

* tag 'integrity-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  evm: mark evm_fixmode as __ro_after_init
  ima: Use strscpy instead of strlcpy
  ima_policy: Remove duplicate 'the' in docs comment
  ima: add gid support
  ima: fix uid code style problems
  ima: fix deadlock when traversing "ima_default_rules".
diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
@@ -22,8 +22,9 @@ Description:
 		  action: measure | dont_measure | appraise | dont_appraise |
 			  audit | hash | dont_hash
 		  condition:= base | lsm  [option]
-			base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [uid=]
-				[euid=] [fowner=] [fsname=]]
+			base:	[[func=] [mask=] [fsmagic=] [fsuuid=] [fsname=]
+				[uid=] [euid=] [gid=] [egid=]
+				[fowner=] [fgroup=]]
 			lsm:	[[subj_user=] [subj_role=] [subj_type=]
 				 [obj_user=] [obj_role=] [obj_type=]]
 			option:	[[appraise_type=]] [template=] [permit_directio]
@@ -40,7 +41,10 @@ Description:
 			fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
 			uid:= decimal value
 			euid:= decimal value
+			gid:= decimal value
+			egid:= decimal value
 			fowner:= decimal value
+			fgroup:= decimal value
 		  lsm:  are LSM specific
 		  option:
 			appraise_type:= [imasig] [imasig|modsig]
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
@@ -78,7 +78,7 @@ static struct xattr_list evm_config_default_xattrnames[] = {
 
 LIST_HEAD(evm_config_xattrnames);
 
-static int evm_fixmode;
+static int evm_fixmode __ro_after_init;
 static int __init evm_set_fixmode(char *str)
 {
 	if (strncmp(str, "fix", 3) == 0)
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
@@ -403,7 +403,7 @@ const char *ima_d_path(const struct path *path, char **pathbuf, char *namebuf)
 	}
 
 	if (!pathname) {
-		strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX);
+		strscpy(namebuf, path->dentry->d_name.name, NAME_MAX);
 		pathname = namebuf;
 	}
 
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ static struct xattr_list evm_config_default_xattrnames[] = {`
`78`	`78`
`79`	`79`	`LIST_HEAD(evm_config_xattrnames);`
`80`	`80`
`81`		`-static int evm_fixmode;`
	`81`	`+static int evm_fixmode __ro_after_init;`
`82`	`82`	`static int __init evm_set_fixmode(char *str)`
`83`	`83`	`{`
`84`	`84`	`if (strncmp(str, "fix", 3) == 0)`
Original file line number	Diff line number	Diff line change
`@@ -403,7 +403,7 @@ const char ima_d_path(const struct path path, char *pathbuf, char namebuf)`
`403`	`403`	`}`
`404`	`404`
`405`	`405`	`if (!pathname) {`
`406`		`- strlcpy(namebuf, path->dentry->d_name.name, NAME_MAX);`
	`406`	`+ strscpy(namebuf, path->dentry->d_name.name, NAME_MAX);`
`407`	`407`	`pathname = namebuf;`
`408`	`408`	`}`
`409`	`409`