Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 14:42:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

ima: clear IMA_HASH

Browse Source 
The IMA_APPRAISE and IMA_HASH policies overlap. Clear IMA_HASH properly.

Fixes: da1b0029f5 ("ima: support new "hash" and "dont_hash" policy actions")
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Mimi Zohar 2018-03-10 23:07:34 -05:00
parent d77ccdc644
commit a9a4935d44
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/ima/ima_policy.c
View File

@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
action |= entry->action & IMA_DO_MASK; action |= entry->action & IMA_DO_MASK;
if (entry->action & IMA_APPRAISE) { if (entry->action & IMA_APPRAISE) {
action |= get_subaction(entry, func); action |= get_subaction(entry, func);
action ^= IMA_HASH; action &= ~IMA_HASH;
} }
if (entry->action & IMA_DO_MASK) if (entry->action & IMA_DO_MASK)