Revert "ima: Add integrity inode related data to the ima namespace"

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 5f7f33c2. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

Revert "ima: Add integrity inode related data to the ima namespace"
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 5f7f33c2. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
79700fc4 · Zhang Tianxing · Zheng Zengkai · 581fd05a · 79700fc4 · 79700fc4
Showing with 2 addition and 17 deletion

include/linux/ima.h include/linux/ima.h +0 -1

security/integrity/ima/ima_init.c security/integrity/ima/ima_init.c +0 -1

security/integrity/ima/ima_ns.c security/integrity/ima/ima_ns.c +2 -15

未找到文件。
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -220,7 +220,6 @@ struct ima_namespace {
 	atomic_t inactive; /* set only when ns is added to the cleanup list */
 	bool frozen;
 	struct ima_policy_data *policy_data;
-	struct integrity_iint_tree *iint_tree;
 } __randomize_layout;
 extern struct ima_namespace init_ima_ns;

--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -34,7 +34,6 @@ struct ima_namespace init_ima_ns = {
 #endif
 	.frozen = true,
 	.policy_data = &init_policy_data,
-	.iint_tree = &init_iint_tree,
 };
 EXPORT_SYMBOL(init_ima_ns);

--- a/security/integrity/ima/ima_ns.c
+++ b/security/integrity/ima/ima_ns.c
@@ -56,18 +56,11 @@ static struct ima_namespace *ima_ns_alloc(void)
 	ima_ns->policy_data = kzalloc(sizeof(struct ima_policy_data),
 				      GFP_KERNEL);
 	if (!ima_ns->policy_data)
-		goto ns_free;
+		goto out_free;
-	ima_ns->iint_tree = kzalloc(sizeof(struct integrity_iint_tree),
-				    GFP_KERNEL);
-	if (!ima_ns->iint_tree)
-		goto policy_free;
 	return ima_ns;
-policy_free:
+out_free:
-	kfree(ima_ns->policy_data);
-ns_free:
 	kfree(ima_ns);
 out:
 	return NULL;
@@ -127,9 +120,6 @@ static struct ima_namespace *clone_ima_ns(struct user_namespace *user_ns,
 	ns->ucounts = ucounts;
 	ns->frozen = false;
-	rwlock_init(&ns->iint_tree->lock);
-	ns->iint_tree->root = RB_ROOT;
 	INIT_LIST_HEAD(&ns->policy_data->ima_default_rules);
 	INIT_LIST_HEAD(&ns->policy_data->ima_policy_rules);
 	INIT_LIST_HEAD(&ns->policy_data->ima_temp_rules);
@@ -137,7 +127,6 @@ static struct ima_namespace *clone_ima_ns(struct user_namespace *user_ns,
 	return ns;
 fail_free:
-	kfree(ns->iint_tree);
 	kfree(ns->policy_data);
 	kfree(ns);
 fail_dec:
@@ -184,8 +173,6 @@ static void destroy_ima_ns(struct ima_namespace *ns)
 	dec_ima_namespaces(ns->ucounts);
 	put_user_ns(ns->user_ns);
 	ns_free_inum(&ns->ns);
-	integrity_iint_tree_free(ns->iint_tree);
-	kfree(ns->iint_tree);
 	kfree(ns->policy_data);
 	kfree(ns);
 }