IMA: handle comments in policy
IMA policy load parser will reject any policies with a comment. This patch will allow the parser to just ignore lines which start with a #. This is not very robust. # can ONLY be used at the very beginning of a line. Inline comments are not allowed. Signed-off-by: Eric Paris Acked-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
parent
28ef4002ec
commit
7233e3ee22
1 changed files with 14 additions and 7 deletions
|
@ -445,19 +445,26 @@ ssize_t ima_parse_add_rule(char *rule)
|
||||||
|
|
||||||
p = strsep(&rule, "\n");
|
p = strsep(&rule, "\n");
|
||||||
len = strlen(p) + 1;
|
len = strlen(p) + 1;
|
||||||
|
|
||||||
|
if (*p == '#') {
|
||||||
|
kfree(entry);
|
||||||
|
return len;
|
||||||
|
}
|
||||||
|
|
||||||
result = ima_parse_rule(p, entry);
|
result = ima_parse_rule(p, entry);
|
||||||
if (!result) {
|
if (result) {
|
||||||
result = len;
|
|
||||||
mutex_lock(&ima_measure_mutex);
|
|
||||||
list_add_tail(&entry->list, &measure_policy_rules);
|
|
||||||
mutex_unlock(&ima_measure_mutex);
|
|
||||||
} else {
|
|
||||||
kfree(entry);
|
kfree(entry);
|
||||||
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
|
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
|
||||||
NULL, op, "invalid policy", result,
|
NULL, op, "invalid policy", result,
|
||||||
audit_info);
|
audit_info);
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
return result;
|
|
||||||
|
mutex_lock(&ima_measure_mutex);
|
||||||
|
list_add_tail(&entry->list, &measure_policy_rules);
|
||||||
|
mutex_unlock(&ima_measure_mutex);
|
||||||
|
|
||||||
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ima_delete_rules called to cleanup invalid policy */
|
/* ima_delete_rules called to cleanup invalid policy */
|
||||||
|
|
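Review bot: The `if (*p == '#')` test in ima_parse_add_rule has no comment stating the rule it implements, so the restriction is recorded only in the commit message. A line with whitespace before the `#`, or a rule followed by a trailing `# ...`, is not skipped and goes on to ima_parse_rule(); presumably it is then rejected and audited as "invalid policy", which is the safe direction for a policy loader but will surprise a policy author. I would add above the check `/* skip comment lines: '#' must be the first character, inline comments are not supported */`. The start of the function, including where entry is allocated, is outside the hunk; if that allocation can be moved below the comment check, the `kfree(entry)` on this path would no longer be needed.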