From 40d350b483f2007b003a886993ad8353fb671ccb Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@google.com>
Date: Tue, 21 Jun 2022 18:34:19 +0200
Subject: [PATCH] Revert "ANDROID: GKI: Disable security lockdown for unsigned
 modules"

This reverts commit befc75e758df05dee767ca9dca21ae9d925be370.

It conflicts in bad ways with the module code changes in 5.19-rc1 so
revert it for now.  If it is still needed, it can be added back in
later.

Bug: 200082547
Bug: 214445388
Cc: Ramji Jiyani <ramjiyani@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ice884d241ae153a75facc1ca409ea5c59653cde3
---
 kernel/module.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/kernel/module.c b/kernel/module.c
index 358e2eece5e1..cc846a80b229 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2938,15 +2938,7 @@ static int module_sig_check(struct load_info *info, int flags)
 		return -EKEYREJECTED;
 	}
 
-/*
- * ANDROID: GKI: Do not prevent loading of unsigned modules;
- * as all modules except GKI modules are not signed.
- */
-#ifndef CONFIG_MODULE_SIG_PROTECT
 	return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
-#else
-	return 0;
-#endif
 }
 #else /* !CONFIG_MODULE_SIG */
 static int module_sig_check(struct load_info *info, int flags)