summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2016-01-10 21:52:17 +1100
committerJames Morris <james.l.morris@oracle.com>2016-01-10 21:52:17 +1100
commit607259e17b37017e9ec0249a8b0a7d8b76b572aa (patch)
treea8772ad30dd74afef995e558e723176e54369608 /security
parentaa98b942cbf305cf2abe5dc3aff11f579c7d7fdc (diff)
parent1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into ra-next
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_fs.c18
-rw-r--r--security/keys/key.c3
-rw-r--r--security/keys/keyctl.c17
3 files changed, 17 insertions, 21 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 3caed6de610c..f355231997b4 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = {
static ssize_t ima_write_policy(struct file *file, const char __user *buf,
size_t datalen, loff_t *ppos)
{
- char *data = NULL;
+ char *data;
ssize_t result;
- int res;
-
- res = mutex_lock_interruptible(&ima_write_mutex);
- if (res)
- return res;
if (datalen >= PAGE_SIZE)
datalen = PAGE_SIZE - 1;
@@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
result = -EFAULT;
if (copy_from_user(data, buf, datalen))
- goto out;
+ goto out_free;
+ result = mutex_lock_interruptible(&ima_write_mutex);
+ if (result < 0)
+ goto out_free;
result = ima_parse_add_rule(data);
+ mutex_unlock(&ima_write_mutex);
+
+out_free:
+ kfree(data);
out:
if (result < 0)
valid_policy = 0;
- kfree(data);
- mutex_unlock(&ima_write_mutex);
return result;
}
diff --git a/security/keys/key.c b/security/keys/key.c
index 09ef276c4bdc..07a87311055c 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key,
/* and link it into the destination keyring */
if (keyring) {
- if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
- set_bit(KEY_FLAG_KEEP, &key->flags);
+ set_bit(KEY_FLAG_KEEP, &key->flags);
__key_link(key, _edit);
}
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e83ec6b9eb9d..8f9f323f372b 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
}
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
- return -EPERM;
- else {
+ ret = -EPERM;
+ else
key_revoke(key);
- ret = 0;
- }
key_ref_put(key_ref);
error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
invalidate:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_invalidate(key);
- ret = 0;
- }
error_put:
key_ref_put(key_ref);
error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
okay:
key = key_ref_to_ptr(key_ref);
+ ret = 0;
if (test_bit(KEY_FLAG_KEEP, &key->flags))
ret = -EPERM;
- else {
+ else
key_set_timeout(key, timeout);
- ret = 0;
- }
key_put(key);
error: