acrn-kernel/security/loadpin
Kees Cook 2c5e64f0a8 LoadPin: Ignore the "contents" argument of the LSM hooks
[ Upstream commit 1a17e5b513 ]

LoadPin only enforces the read-only origin of kernel file reads. Whether
or not it was a partial read isn't important. Remove the overly
conservative checks so that things like partial firmware reads will
succeed (i.e. reading a firmware header).

Fixes: 2039bda1fa ("LSM: Add "contents" flag to kernel_read_file hook")
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge@hallyn.com>
Tested-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://lore.kernel.org/r/20221209195453.never.494-kees@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-31 13:33:07 +01:00
..
Kconfig LoadPin: Require file with verity root digests to have a header 2022-09-07 16:37:27 -07:00
Makefile
loadpin.c LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:33:07 +01:00