imans: Use initial ima namespace domain tag when IMANS is disabled.

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4C9AE CVE: NA ----------------------------------------------------------------- As part of the imans support, a key domain tag is added to the search criteria in digsig module. When IMA Namespace is disabled, the initial ima namespace domain tag should be used instead of nsproxy. Signed-off-by: N Ajo Jose Panoor <ajo.jose.panoor@huawei.com> Reviewed-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

imans: Use initial ima namespace domain tag when IMANS is disabled.
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4C9AE CVE: NA ----------------------------------------------------------------- As part of the imans support, a key domain tag is added to the search criteria in digsig module. When IMA Namespace is disabled, the initial ima namespace domain tag should be used instead of nsproxy. Signed-off-by: N Ajo Jose Panoor <ajo.jose.panoor@huawei.com> Reviewed-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
1d48e14a · Ajo Jose Panoor · Zheng Zengkai · ae7fe1f9 · 1d48e14a
显示空白变更内容
内联并排

Showing with 4 addition and 1 deletion

security/integrity/digsig.c security/integrity/digsig.c +4 -1

未找到文件。
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -74,8 +74,11 @@ static struct key_tag *domain_tag_from_id(const unsigned int id)
 		return ERR_PTR(-EINVAL);

 	if (id == INTEGRITY_KEYRING_IMA)
+#ifdef CONFIG_IMA_NS
 		return current->nsproxy->ima_ns->key_domain;
-
+#else
+		return init_ima_ns.key_domain;
+#endif
 	return NULL;
 }