X-Git-Url: http://plrg.eecs.uci.edu/git/?a=blobdiff_plain;f=security%2Fintegrity%2Fevm%2Fevm_main.c;h=f589c9a05da29f6bf40cfd903858ee1569791c41;hb=67e2c3883828b39548cee2091b36656787775d95;hp=c5ee1a7c5e8a0a361a8fb21de3ee236faba3804a;hpb=a157508c9790ccd1c8b5c6a828d6ba85bbe95aaa;p=firefly-linux-kernel-4.4.55.git

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index c5ee1a7c5e8a..f589c9a05da2 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -162,9 +162,14 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 					(const char *)xattr_data, xattr_len,
 					calc.digest, sizeof(calc.digest));
 		if (!rc) {
-			/* we probably want to replace rsa with hmac here */
-			evm_update_evmxattr(dentry, xattr_name, xattr_value,
-				   xattr_value_len);
+			/* Replace RSA with HMAC if not mounted readonly and
+			 * not immutable
+			 */
+			if (!IS_RDONLY(dentry->d_inode) &&
+			    !IS_IMMUTABLE(dentry->d_inode))
+				evm_update_evmxattr(dentry, xattr_name,
+						    xattr_value,
+						    xattr_value_len);
 		}
 		break;
 	default: