diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-06-13 18:55:48 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2014-07-17 09:35:09 -0400 |
commit | 209b43ca64a6f2b0c7ac66b457f530c52d608c3e (patch) | |
tree | 49b9c0d04b2abd63be87b6072b19edaa96d414ff | |
parent | 2c50b964823ebb7f0a098878c399ce859cd38e9e (diff) | |
download | op-kernel-dev-209b43ca64a6f2b0c7ac66b457f530c52d608c3e.zip op-kernel-dev-209b43ca64a6f2b0c7ac66b457f530c52d608c3e.tar.gz |
ima: delay template descriptor lookup until use
process_measurement() always calls ima_template_desc_current(),
including when an IMA policy has not been defined.
This patch delays template descriptor lookup until action is
determined.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r-- | security/integrity/ima/ima_main.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index cf1c369..f474c60 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -159,7 +159,7 @@ static int process_measurement(struct file *file, const char *filename, { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint; - struct ima_template_desc *template_desc = ima_template_desc_current(); + struct ima_template_desc *template_desc; char *pathbuf = NULL; const char *pathname = NULL; int rc = -ENOMEM, action, must_appraise, _func; @@ -203,6 +203,7 @@ static int process_measurement(struct file *file, const char *filename, goto out_digsig; } + template_desc = ima_template_desc_current(); if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { if (action & IMA_APPRAISE_SUBMASK) xattr_ptr = &xattr_value; |