| ima_policy.c (bad4417b692ede5cf31105b329cea1544875b526) | ima_policy.c (3dd0c8d06511c7c61c62305fcf431ca28884d263) |
|---|---|
| 1/* 2 * Copyright (C) 2008 IBM Corporation 3 * Author: Mimi Zohar <zohar@us.ibm.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, version 2 of the License. 8 * --- 50 unchanged lines hidden (view full) --- 59 int action; 60 unsigned int flags; 61 enum ima_hooks func; 62 int mask; 63 unsigned long fsmagic; 64 u8 fsuuid[16]; 65 kuid_t uid; 66 kuid_t fowner; | 1/* 2 * Copyright (C) 2008 IBM Corporation 3 * Author: Mimi Zohar <zohar@us.ibm.com> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, version 2 of the License. 8 * --- 50 unchanged lines hidden (view full) --- 59 int action; 60 unsigned int flags; 61 enum ima_hooks func; 62 int mask; 63 unsigned long fsmagic; 64 u8 fsuuid[16]; 65 kuid_t uid; 66 kuid_t fowner; |
| 67 bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */ 68 bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */ |
|
| 67 int pcr; 68 struct { 69 void *rule; /* LSM file metadata specific */ 70 void *args_p; /* audit value */ 71 int type; /* audit type */ 72 } lsm[MAX_LSM_RULES]; 73}; 74 --- 23 unchanged lines hidden (view full) --- 98}; 99 100static struct ima_rule_entry original_measurement_rules[] __ro_after_init = { 101 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 102 .flags = IMA_FUNC | IMA_MASK}, 103 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 104 .flags = IMA_FUNC | IMA_MASK}, 105 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, | 69 int pcr; 70 struct { 71 void *rule; /* LSM file metadata specific */ 72 void *args_p; /* audit value */ 73 int type; /* audit type */ 74 } lsm[MAX_LSM_RULES]; 75}; 76 --- 23 unchanged lines hidden (view full) --- 100}; 101 102static struct ima_rule_entry original_measurement_rules[] __ro_after_init = { 103 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 104 .flags = IMA_FUNC | IMA_MASK}, 105 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 106 .flags = IMA_FUNC | IMA_MASK}, 107 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, |
| 106 .uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_MASK | IMA_UID}, | 108 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq, 109 .flags = IMA_FUNC | IMA_MASK | IMA_UID}, |
| 107 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 108 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 109}; 110 111static struct ima_rule_entry default_measurement_rules[] __ro_after_init = { 112 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 113 .flags = IMA_FUNC | IMA_MASK}, 114 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 115 .flags = IMA_FUNC | IMA_MASK}, 116 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, | 110 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 111 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 112}; 113 114static struct ima_rule_entry default_measurement_rules[] __ro_after_init = { 115 {.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC, 116 .flags = IMA_FUNC | IMA_MASK}, 117 {.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC, 118 .flags = IMA_FUNC | IMA_MASK}, 119 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, |
| 117 .uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_INMASK | IMA_EUID}, | 120 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq, 121 .flags = IMA_FUNC | IMA_INMASK | IMA_EUID}, |
| 118 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, | 122 {.action = MEASURE, .func = FILE_CHECK, .mask = MAY_READ, |
| 119 .uid = GLOBAL_ROOT_UID, .flags = IMA_FUNC | IMA_INMASK | IMA_UID}, | 123 .uid = GLOBAL_ROOT_UID, .uid_op = &uid_eq, 124 .flags = IMA_FUNC | IMA_INMASK | IMA_UID}, |
| 120 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 121 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 122 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC}, 123}; 124 125static struct ima_rule_entry default_appraise_rules[] __ro_after_init = { 126 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 127 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, --- 6 unchanged lines hidden (view full) --- 134 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 135 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, 136 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 137#ifdef CONFIG_IMA_WRITE_POLICY 138 {.action = APPRAISE, .func = POLICY_CHECK, 139 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 140#endif 141#ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT | 125 {.action = MEASURE, .func = MODULE_CHECK, .flags = IMA_FUNC}, 126 {.action = MEASURE, .func = FIRMWARE_CHECK, .flags = IMA_FUNC}, 127 {.action = MEASURE, .func = POLICY_CHECK, .flags = IMA_FUNC}, 128}; 129 130static struct ima_rule_entry default_appraise_rules[] __ro_after_init = { 131 {.action = DONT_APPRAISE, .fsmagic = PROC_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 132 {.action = DONT_APPRAISE, .fsmagic = SYSFS_MAGIC, .flags = IMA_FSMAGIC}, --- 6 unchanged lines hidden (view full) --- 139 {.action = DONT_APPRAISE, .fsmagic = SELINUX_MAGIC, .flags = IMA_FSMAGIC}, 140 {.action = DONT_APPRAISE, .fsmagic = NSFS_MAGIC, .flags = IMA_FSMAGIC}, 141 {.action = DONT_APPRAISE, .fsmagic = CGROUP_SUPER_MAGIC, .flags = IMA_FSMAGIC}, 142#ifdef CONFIG_IMA_WRITE_POLICY 143 {.action = APPRAISE, .func = POLICY_CHECK, 144 .flags = IMA_FUNC | IMA_DIGSIG_REQUIRED}, 145#endif 146#ifndef CONFIG_IMA_APPRAISE_SIGNED_INIT |
| 142 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .flags = IMA_FOWNER}, | 147 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq, 148 .flags = IMA_FOWNER}, |
| 143#else 144 /* force signature */ | 149#else 150 /* force signature */ |
| 145 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, | 151 {.action = APPRAISE, .fowner = GLOBAL_ROOT_UID, .fowner_op = &uid_eq, |
| 146 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED}, 147#endif 148}; 149 150static LIST_HEAD(ima_default_rules); 151static LIST_HEAD(ima_policy_rules); 152static LIST_HEAD(ima_temp_rules); 153static struct list_head *ima_rules; --- 81 unchanged lines hidden (view full) --- 235 (!(rule->mask & mask) && func != POST_SETATTR)) 236 return false; 237 if ((rule->flags & IMA_FSMAGIC) 238 && rule->fsmagic != inode->i_sb->s_magic) 239 return false; 240 if ((rule->flags & IMA_FSUUID) && 241 memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) 242 return false; | 152 .flags = IMA_FOWNER | IMA_DIGSIG_REQUIRED}, 153#endif 154}; 155 156static LIST_HEAD(ima_default_rules); 157static LIST_HEAD(ima_policy_rules); 158static LIST_HEAD(ima_temp_rules); 159static struct list_head *ima_rules; --- 81 unchanged lines hidden (view full) --- 241 (!(rule->mask & mask) && func != POST_SETATTR)) 242 return false; 243 if ((rule->flags & IMA_FSMAGIC) 244 && rule->fsmagic != inode->i_sb->s_magic) 245 return false; 246 if ((rule->flags & IMA_FSUUID) && 247 memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid))) 248 return false; |
| 243 if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid)) | 249 if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid)) |
| 244 return false; 245 if (rule->flags & IMA_EUID) { 246 if (has_capability_noaudit(current, CAP_SETUID)) { | 250 return false; 251 if (rule->flags & IMA_EUID) { 252 if (has_capability_noaudit(current, CAP_SETUID)) { |
| 247 if (!uid_eq(rule->uid, cred->euid) 248 && !uid_eq(rule->uid, cred->suid) 249 && !uid_eq(rule->uid, cred->uid)) | 253 if (!rule->uid_op(cred->euid, rule->uid) 254 && !rule->uid_op(cred->suid, rule->uid) 255 && !rule->uid_op(cred->uid, rule->uid)) |
| 250 return false; | 256 return false; |
| 251 } else if (!uid_eq(rule->uid, cred->euid)) | 257 } else if (!rule->uid_op(cred->euid, rule->uid)) |
| 252 return false; 253 } 254 | 258 return false; 259 } 260 |
| 255 if ((rule->flags & IMA_FOWNER) && !uid_eq(rule->fowner, inode->i_uid)) | 261 if ((rule->flags & IMA_FOWNER) && 262 !rule->fowner_op(inode->i_uid, rule->fowner)) |
| 256 return false; 257 for (i = 0; i < MAX_LSM_RULES; i++) { 258 int rc = 0; 259 u32 osid, sid; 260 int retried = 0; 261 262 if (!rule->lsm[i].rule) 263 continue; --- 217 unchanged lines hidden (view full) --- 481enum { 482 Opt_err = -1, 483 Opt_measure = 1, Opt_dont_measure, 484 Opt_appraise, Opt_dont_appraise, 485 Opt_audit, 486 Opt_obj_user, Opt_obj_role, Opt_obj_type, 487 Opt_subj_user, Opt_subj_role, Opt_subj_type, 488 Opt_func, Opt_mask, Opt_fsmagic, | 263 return false; 264 for (i = 0; i < MAX_LSM_RULES; i++) { 265 int rc = 0; 266 u32 osid, sid; 267 int retried = 0; 268 269 if (!rule->lsm[i].rule) 270 continue; --- 217 unchanged lines hidden (view full) --- 488enum { 489 Opt_err = -1, 490 Opt_measure = 1, Opt_dont_measure, 491 Opt_appraise, Opt_dont_appraise, 492 Opt_audit, 493 Opt_obj_user, Opt_obj_role, Opt_obj_type, 494 Opt_subj_user, Opt_subj_role, Opt_subj_type, 495 Opt_func, Opt_mask, Opt_fsmagic, |
| 489 Opt_fsuuid, Opt_uid, Opt_euid, Opt_fowner, | 496 Opt_fsuuid, Opt_uid_eq, Opt_euid_eq, Opt_fowner_eq, 497 Opt_uid_gt, Opt_euid_gt, Opt_fowner_gt, 498 Opt_uid_lt, Opt_euid_lt, Opt_fowner_lt, |
| 490 Opt_appraise_type, Opt_permit_directio, 491 Opt_pcr 492}; 493 494static match_table_t policy_tokens = { 495 {Opt_measure, "measure"}, 496 {Opt_dont_measure, "dont_measure"}, 497 {Opt_appraise, "appraise"}, --- 4 unchanged lines hidden (view full) --- 502 {Opt_obj_type, "obj_type=%s"}, 503 {Opt_subj_user, "subj_user=%s"}, 504 {Opt_subj_role, "subj_role=%s"}, 505 {Opt_subj_type, "subj_type=%s"}, 506 {Opt_func, "func=%s"}, 507 {Opt_mask, "mask=%s"}, 508 {Opt_fsmagic, "fsmagic=%s"}, 509 {Opt_fsuuid, "fsuuid=%s"}, | 499 Opt_appraise_type, Opt_permit_directio, 500 Opt_pcr 501}; 502 503static match_table_t policy_tokens = { 504 {Opt_measure, "measure"}, 505 {Opt_dont_measure, "dont_measure"}, 506 {Opt_appraise, "appraise"}, --- 4 unchanged lines hidden (view full) --- 511 {Opt_obj_type, "obj_type=%s"}, 512 {Opt_subj_user, "subj_user=%s"}, 513 {Opt_subj_role, "subj_role=%s"}, 514 {Opt_subj_type, "subj_type=%s"}, 515 {Opt_func, "func=%s"}, 516 {Opt_mask, "mask=%s"}, 517 {Opt_fsmagic, "fsmagic=%s"}, 518 {Opt_fsuuid, "fsuuid=%s"}, |
| 510 {Opt_uid, "uid=%s"}, 511 {Opt_euid, "euid=%s"}, 512 {Opt_fowner, "fowner=%s"}, | 519 {Opt_uid_eq, "uid=%s"}, 520 {Opt_euid_eq, "euid=%s"}, 521 {Opt_fowner_eq, "fowner=%s"}, 522 {Opt_uid_gt, "uid>%s"}, 523 {Opt_euid_gt, "euid>%s"}, 524 {Opt_fowner_gt, "fowner>%s"}, 525 {Opt_uid_lt, "uid<%s"}, 526 {Opt_euid_lt, "euid<%s"}, 527 {Opt_fowner_lt, "fowner<%s"}, |
| 513 {Opt_appraise_type, "appraise_type=%s"}, 514 {Opt_permit_directio, "permit_directio"}, 515 {Opt_pcr, "pcr=%s"}, 516 {Opt_err, NULL} 517}; 518 519static int ima_lsm_rule_init(struct ima_rule_entry *entry, 520 substring_t *args, int lsm_rule, int audit_type) --- 15 unchanged lines hidden (view full) --- 536 if (!entry->lsm[lsm_rule].rule) { 537 kfree(entry->lsm[lsm_rule].args_p); 538 return -EINVAL; 539 } 540 541 return result; 542} 543 | 528 {Opt_appraise_type, "appraise_type=%s"}, 529 {Opt_permit_directio, "permit_directio"}, 530 {Opt_pcr, "pcr=%s"}, 531 {Opt_err, NULL} 532}; 533 534static int ima_lsm_rule_init(struct ima_rule_entry *entry, 535 substring_t *args, int lsm_rule, int audit_type) --- 15 unchanged lines hidden (view full) --- 551 if (!entry->lsm[lsm_rule].rule) { 552 kfree(entry->lsm[lsm_rule].args_p); 553 return -EINVAL; 554 } 555 556 return result; 557} 558 |
| 544static void ima_log_string(struct audit_buffer *ab, char *key, char *value) | 559static void ima_log_string_op(struct audit_buffer *ab, char *key, char *value, 560 bool (*rule_operator)(kuid_t, kuid_t)) |
| 545{ | 561{ |
| 546 audit_log_format(ab, "%s=", key); | 562 if (rule_operator == &uid_gt) 563 audit_log_format(ab, "%s>", key); 564 else if (rule_operator == &uid_lt) 565 audit_log_format(ab, "%s<", key); 566 else 567 audit_log_format(ab, "%s=", key); |
| 547 audit_log_untrustedstring(ab, value); 548 audit_log_format(ab, " "); 549} | 568 audit_log_untrustedstring(ab, value); 569 audit_log_format(ab, " "); 570} |
| 571static void ima_log_string(struct audit_buffer *ab, char *key, char *value) 572{ 573 ima_log_string_op(ab, key, value, NULL); 574} |
|
| 550 551static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) 552{ 553 struct audit_buffer *ab; 554 char *from; 555 char *p; | 575 576static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) 577{ 578 struct audit_buffer *ab; 579 char *from; 580 char *p; |
| 581 bool uid_token; |
|
| 556 int result = 0; 557 558 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); 559 560 entry->uid = INVALID_UID; 561 entry->fowner = INVALID_UID; | 582 int result = 0; 583 584 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); 585 586 entry->uid = INVALID_UID; 587 entry->fowner = INVALID_UID; |
| 588 entry->uid_op = &uid_eq; 589 entry->fowner_op = &uid_eq; |
|
| 562 entry->action = UNKNOWN; 563 while ((p = strsep(&rule, " \t")) != NULL) { 564 substring_t args[MAX_OPT_ARGS]; 565 int token; 566 unsigned long lnum; 567 568 if (result < 0) 569 break; --- 119 unchanged lines hidden (view full) --- 689 break; 690 } 691 692 result = blk_part_pack_uuid(args[0].from, 693 entry->fsuuid); 694 if (!result) 695 entry->flags |= IMA_FSUUID; 696 break; | 590 entry->action = UNKNOWN; 591 while ((p = strsep(&rule, " \t")) != NULL) { 592 substring_t args[MAX_OPT_ARGS]; 593 int token; 594 unsigned long lnum; 595 596 if (result < 0) 597 break; --- 119 unchanged lines hidden (view full) --- 717 break; 718 } 719 720 result = blk_part_pack_uuid(args[0].from, 721 entry->fsuuid); 722 if (!result) 723 entry->flags |= IMA_FSUUID; 724 break; |
| 697 case Opt_uid: 698 ima_log_string(ab, "uid", args[0].from); 699 case Opt_euid: 700 if (token == Opt_euid) 701 ima_log_string(ab, "euid", args[0].from); | 725 case Opt_uid_gt: 726 case Opt_euid_gt: 727 entry->uid_op = &uid_gt; 728 case Opt_uid_lt: 729 case Opt_euid_lt: 730 if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) 731 entry->uid_op = &uid_lt; 732 case Opt_uid_eq: 733 case Opt_euid_eq: 734 uid_token = (token == Opt_uid_eq) || 735 (token == Opt_uid_gt) || 736 (token == Opt_uid_lt); |
| 702 | 737 |
| 738 ima_log_string_op(ab, uid_token ? "uid" : "euid", 739 args[0].from, entry->uid_op); 740 |
|
| 703 if (uid_valid(entry->uid)) { 704 result = -EINVAL; 705 break; 706 } 707 708 result = kstrtoul(args[0].from, 10, &lnum); 709 if (!result) { 710 entry->uid = make_kuid(current_user_ns(), 711 (uid_t) lnum); 712 if (!uid_valid(entry->uid) || 713 (uid_t)lnum != lnum) 714 result = -EINVAL; 715 else | 741 if (uid_valid(entry->uid)) { 742 result = -EINVAL; 743 break; 744 } 745 746 result = kstrtoul(args[0].from, 10, &lnum); 747 if (!result) { 748 entry->uid = make_kuid(current_user_ns(), 749 (uid_t) lnum); 750 if (!uid_valid(entry->uid) || 751 (uid_t)lnum != lnum) 752 result = -EINVAL; 753 else |
| 716 entry->flags |= (token == Opt_uid) | 754 entry->flags |= uid_token |
| 717 ? IMA_UID : IMA_EUID; 718 } 719 break; | 755 ? IMA_UID : IMA_EUID; 756 } 757 break; |
| 720 case Opt_fowner: 721 ima_log_string(ab, "fowner", args[0].from); | 758 case Opt_fowner_gt: 759 entry->fowner_op = &uid_gt; 760 case Opt_fowner_lt: 761 if (token == Opt_fowner_lt) 762 entry->fowner_op = &uid_lt; 763 case Opt_fowner_eq: 764 ima_log_string_op(ab, "fowner", args[0].from, 765 entry->fowner_op); |
| 722 723 if (uid_valid(entry->fowner)) { 724 result = -EINVAL; 725 break; 726 } 727 728 result = kstrtoul(args[0].from, 10, &lnum); 729 if (!result) { --- 314 unchanged lines hidden (view full) --- 1044 1045 if (entry->flags & IMA_FSUUID) { 1046 seq_printf(m, "fsuuid=%pU", entry->fsuuid); 1047 seq_puts(m, " "); 1048 } 1049 1050 if (entry->flags & IMA_UID) { 1051 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); | 766 767 if (uid_valid(entry->fowner)) { 768 result = -EINVAL; 769 break; 770 } 771 772 result = kstrtoul(args[0].from, 10, &lnum); 773 if (!result) { --- 314 unchanged lines hidden (view full) --- 1088 1089 if (entry->flags & IMA_FSUUID) { 1090 seq_printf(m, "fsuuid=%pU", entry->fsuuid); 1091 seq_puts(m, " "); 1092 } 1093 1094 if (entry->flags & IMA_UID) { 1095 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); |
| 1052 seq_printf(m, pt(Opt_uid), tbuf); | 1096 if (entry->uid_op == &uid_gt) 1097 seq_printf(m, pt(Opt_uid_gt), tbuf); 1098 else if (entry->uid_op == &uid_lt) 1099 seq_printf(m, pt(Opt_uid_lt), tbuf); 1100 else 1101 seq_printf(m, pt(Opt_uid_eq), tbuf); |
| 1053 seq_puts(m, " "); 1054 } 1055 1056 if (entry->flags & IMA_EUID) { 1057 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); | 1102 seq_puts(m, " "); 1103 } 1104 1105 if (entry->flags & IMA_EUID) { 1106 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->uid)); |
| 1058 seq_printf(m, pt(Opt_euid), tbuf); | 1107 if (entry->uid_op == &uid_gt) 1108 seq_printf(m, pt(Opt_euid_gt), tbuf); 1109 else if (entry->uid_op == &uid_lt) 1110 seq_printf(m, pt(Opt_euid_lt), tbuf); 1111 else 1112 seq_printf(m, pt(Opt_euid_eq), tbuf); |
| 1059 seq_puts(m, " "); 1060 } 1061 1062 if (entry->flags & IMA_FOWNER) { 1063 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); | 1113 seq_puts(m, " "); 1114 } 1115 1116 if (entry->flags & IMA_FOWNER) { 1117 snprintf(tbuf, sizeof(tbuf), "%d", __kuid_val(entry->fowner)); |
| 1064 seq_printf(m, pt(Opt_fowner), tbuf); | 1118 if (entry->fowner_op == &uid_gt) 1119 seq_printf(m, pt(Opt_fowner_gt), tbuf); 1120 else if (entry->fowner_op == &uid_lt) 1121 seq_printf(m, pt(Opt_fowner_lt), tbuf); 1122 else 1123 seq_printf(m, pt(Opt_fowner_eq), tbuf); |
| 1065 seq_puts(m, " "); 1066 } 1067 1068 for (i = 0; i < MAX_LSM_RULES; i++) { 1069 if (entry->lsm[i].rule) { 1070 switch (i) { 1071 case LSM_OBJ_USER: 1072 seq_printf(m, pt(Opt_obj_user), --- 34 unchanged lines hidden --- | 1124 seq_puts(m, " "); 1125 } 1126 1127 for (i = 0; i < MAX_LSM_RULES; i++) { 1128 if (entry->lsm[i].rule) { 1129 switch (i) { 1130 case LSM_OBJ_USER: 1131 seq_printf(m, pt(Opt_obj_user), --- 34 unchanged lines hidden --- |