mirror of
https://github.com/edk2-porting/linux-next.git
synced 2025-01-19 11:04:00 +08:00
3dd0c8d065
For now we have only "=" operator for fowner/uid/euid rules. This
patch provide two more operators - ">" and "<" in order to make
fowner/uid/euid rules more flexible.
Examples of usage.
Appraise all files owned by special and system users (SYS_UID_MAX 999):
appraise fowner<1000
Don't appraise files owned by normal users (UID_MIN 1000):
dont_appraise fowner>999
Appraise all files owned by users with UID 1000-1010:
dont_appraise fowner>1010
appraise fowner>999
Changelog v3:
- Removed code duplication in ima_parse_rule().
- Fix ima_policy_show() - (Mimi)
Changelog v2:
- Fixed default policy rules.
Signed-off-by: Mikhail Kurinnoi <viewizard@viewizard.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/ima/ima_policy.c | 115 +++++++++++++++++++++++++++---------
1 file changed, 87 insertions(+), 28 deletions(-)
|
||
|---|---|---|
| .. | ||
| ima_api.c | ||
| ima_appraise.c | ||
| ima_crypto.c | ||
| ima_fs.c | ||
| ima_init.c | ||
| ima_kexec.c | ||
| ima_main.c | ||
| ima_mok.c | ||
| ima_policy.c | ||
| ima_queue.c | ||
| ima_template_lib.c | ||
| ima_template_lib.h | ||
| ima_template.c | ||
| ima.h | ||
| Kconfig | ||
| Makefile | ||