From: Eric Paris Date: Tue, 20 Apr 2010 14:21:13 +0000 (-0400) Subject: IMA: reject policies with unknown entries X-Git-Tag: v2.6.35-rc1~488^2^2~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9d393bf8660fbbbe00617015224342bac3ea6fc;p=thirdparty%2Fkernel%2Flinux.git IMA: reject policies with unknown entries Currently the ima policy load code will print what it doesn't understand but really I think it should reject any policy it doesn't understand. This patch makes it so! Signed-off-by: Eric Paris Acked-by: Mimi Zohar Signed-off-by: James Morris --- diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 0127011573785..dee2dc062bcc8 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -398,6 +398,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) AUDIT_SUBJ_TYPE); break; case Opt_err: + result = -EINVAL; audit_log_format(ab, "UNKNOWN=%s ", p); break; }
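Review bot: In the `case Opt_err:` arm, the new `result = -EINVAL;` is followed only by a `break;` that leaves the switch, and the hunk does not show whether the code around the switch in `ima_parse_rule()` stops once `result` is negative. If parsing continues with further tokens of the same rule, a later case that assigns `result` could overwrite the error and the rule would be accepted after all; please confirm that parsing bails out on a negative `result`, or that nothing after this arm resets it. The commit message could also state that a policy which previously loaded with an unknown entry merely logged as `UNKNOWN=%s` will now be refused, since that is a behaviour change for existing policy files.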