On Wed, 06 Oct 2021 15:49:58 -0400 Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> On Mon, 2021-10-04 at 18:32 -0600, Alex Henrie wrote:
> > @@ -78,9 +81,13 @@ struct ima_rule_entry {
> > unsigned long fsmagic;
> > uuid_t fsuuid;
> > kuid_t uid;
> > + kgid_t gid;
> > kuid_t fowner;
> > + kgid_t fgroup;
> > bool (*uid_op)(kuid_t, kuid_t); /* Handlers for operators */
> > + bool (*gid_op)(kgid_t, kgid_t);
> > bool (*fowner_op)(kuid_t, kuid_t); /* uid_eq(), uid_gt(), uid_lt() */
> > + bool (*fgroup_op)(kgid_t, kgid_t); /* gid_eq(), gid_gt(), gid_lt() */
>
> scripts/checkpatch.pl complains about missing variables.

I'll resend with a new patch that fixes the existing style problems with
the UID code before adding GID support.

> > @@ -582,10 +590,23 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
> > } else if (!rule->uid_op(cred->euid, rule->uid))
> > return false;
> > }
> > -
> > + if ((rule->flags & IMA_GID) && !rule->gid_op(rule->gid, cred->gid))
>
> All of uid_op/gid_op calls in ima_match_rules() pass the "cred->xxxx,
> rule->xxx" except here, where it is rule->gid, cred->rule. Reversing
> the parameters here will help with addressing the checkpatch.pl
> warning.

Good catch, thanks.

-Alex
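
Review bot: The new gid_op and fgroup_op members in the struct ima_rule_entry hunk are declared with unnamed parameters, (kgid_t, kgid_t), so the declaration does not say which argument is the credential value and which is the rule value. Because the handlers listed in the comment include gid_gt() and gid_lt(), the order is part of the contract. Naming the parameters, for example bool (*gid_op)(kgid_t cred_gid, kgid_t rule_gid);, records that order at the declaration and gives every call site something to be checked against. The gid_op line also lacks the trailing comment that uid_op and fowner_op carry.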
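
Review bot: Argument order is swapped in the added IMA_GID check in the ima_match_rules() hunk: it calls rule->gid_op(rule->gid, cred->gid), while the context line just above calls rule->uid_op(cred->euid, rule->uid). With gid_eq() the result is the same either way, but with gid_gt() or gid_lt() as the handler the comparison is inverted and the rule matches the opposite set of credentials from the one the policy author wrote. Suggest !rule->gid_op(cred->gid, rule->gid) to match the UID path, and checking the remaining lines of this hunk for the same ordering.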