From 85659ea40ec33bdb50cfd15c71aa1f0b2a32a72c Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 21 Nov 2017 17:55:49 +0100 Subject: [PATCH] 3.18-stable patches added patches: ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch --- ...praisal-status-is-not-integrity_pass.patch | 46 +++++++++++++++++++ queue-3.18/series | 1 + 2 files changed, 47 insertions(+) create mode 100644 queue-3.18/ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch diff --git a/queue-3.18/ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch b/queue-3.18/ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch new file mode 100644 index 00000000000..ef72b1d6053 --- /dev/null +++ b/queue-3.18/ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch 
@@ -0,0 +1,46 @@ +From 020aae3ee58c1af0e7ffc4e2cc9fe4dc630338cb Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Tue, 7 Nov 2017 11:37:07 +0100 +Subject: ima: do not update security.ima if appraisal status is not INTEGRITY_PASS + +From: Roberto Sassu + +commit 020aae3ee58c1af0e7ffc4e2cc9fe4dc630338cb upstream. + +Commit b65a9cfc2c38 ("Untangling ima mess, part 2: deal with counters") +moved the call of ima_file_check() from may_open() to do_filp_open() at a +point where the file descriptor is already opened. + +This breaks the assumption made by IMA that file descriptors being closed +belong to files whose access was granted by ima_file_check(). The +consequence is that security.ima and security.evm are updated with good +values, regardless of the current appraisal status. + +For example, if a file does not have security.ima, IMA will create it after +opening the file for writing, even if access is denied. Access to the file +will be allowed afterwards. + +Avoid this issue by checking the appraisal status before updating +security.ima. + +Signed-off-by: Roberto Sassu +Signed-off-by: Mimi Zohar +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_appraise.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/security/integrity/ima/ima_appraise.c ++++ b/security/integrity/ima/ima_appraise.c +@@ -297,6 +297,9 @@ void ima_update_xattr(struct integrity_i + if (iint->flags & IMA_DIGSIG) + return; + ++ if (iint->ima_file_status != INTEGRITY_PASS) ++ return; ++ + rc = ima_collect_measurement(iint, file, NULL, NULL); + if (rc < 0) + return; diff --git a/queue-3.18/series b/queue-3.18/series index 54104e2c586..40bd8a5c555 100644 --- a/queue-3.18/series +++ b/queue-3.18/series 
@@ -6,3 +6,4 @@ sctp-do-not-peel-off-an-assoc-from-one-netns-to-another-one.patch fealnx-fix-building-error-on-mips.patch af_netlink-ensure-that-nlmsg_done-never-fails-in-dumps.patch vlan-fix-a-use-after-free-in-vlan_device_event.patch +ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch -- 2.47.2
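Review bot: the new `iint->ima_file_status != INTEGRITY_PASS` early return in ima_update_xattr() sits after the IMA_DIGSIG check and before ima_collect_measurement(), so a file whose appraisal did not pass is neither re-hashed nor has security.ima rewritten, which is exactly the window the message describes (a missing security.ima created on a denied open for write, making later access succeed). One documentation gap: the description says both security.ima and security.evm were being updated with good values, yet the hunk only gates the security.ima path in ima_update_xattr(); the commit text should say how the security.evm update is covered by this single check, since the diff alone does not show that.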
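Review bot: the series entry matches the file name created in the first hunk (ima-do-not-update-security.ima-if-appraisal-status-is-not-integrity_pass.patch) and is appended after vlan-fix-a-use-after-free-in-vlan_device_event.patch, so the order of the already queued patches is unchanged; with the 46-line patch file this accounts for the 47 insertions in the diffstat, so nothing is missing from the queue update.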