diff options
| author | Dmitry Kasatkin | 2014-09-24 10:05:10 +0200 |
|---|---|---|
| committer | Mimi Zohar | 2014-10-07 20:32:52 +0200 |
| commit | 0f34a0060aebf202010b3f8fef348653a2df2346 (patch) | |
| tree | 5cb7a5aabb05827889989c779ac8a2242cd4a0df /security/integrity/ima/ima_main.c | |
| parent | integrity: do zero padding of the key id (diff) | |
| download | kernel-qcow2-linux-0f34a0060aebf202010b3f8fef348653a2df2346.tar.gz kernel-qcow2-linux-0f34a0060aebf202010b3f8fef348653a2df2346.tar.xz kernel-qcow2-linux-0f34a0060aebf202010b3f8fef348653a2df2346.zip | |
ima: check ima_policy_flag in the ima_file_free() hook
This patch completes the switching to the 'ima_policy_flag' variable
in the checks at the beginning of IMA functions, starting with the
commit a756024e.
Checking 'iint_initialized' is completely unnecessary, because
S_IMA flag is unset if iint was not allocated. At the same time
the integrity cache is allocated with SLAB_PANIC and the kernel will
panic if the allocation fails during kernel initialization. So on
a running system iint_initialized is always true and can be removed.
Changes in v3:
* not limiting test to IMA_APPRAISE (spotted by Roberto Sassu)
Changes in v2:
* 'iint_initialized' removal patch merged to this patch (requested
by Mimi)
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 62f59eca32d3..72faf0b5b05c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -143,7 +143,7 @@ void ima_file_free(struct file *file) struct inode *inode = file_inode(file); struct integrity_iint_cache *iint; - if (!iint_initialized || !S_ISREG(inode->i_mode)) + if (!ima_policy_flag || !S_ISREG(inode->i_mode)) return; iint = integrity_iint_find(inode); |