git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Dmitry Kasatkin <d.kasatkin@samsung.com>
	Wed, 24 Sep 2014 08:05:10 +0000 (11:05 +0300)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Tue, 7 Oct 2014 18:32:52 +0000 (14:32 -0400)
commit	0f34a0060aebf202010b3f8fef348653a2df2346
tree	5cb7a5aabb05827889989c779ac8a2242cd4a0df	tree
parent	594081ee7145cc30a3977cb4e218f81213b63dc5	commit \| diff

ima: check ima_policy_flag in the ima_file_free() hook

This patch completes the switching to the 'ima_policy_flag' variable
in the checks at the beginning of IMA functions, starting with the
commit a756024e.

Checking 'iint_initialized' is completely unnecessary, because
S_IMA flag is unset if iint was not allocated. At the same time
the integrity cache is allocated with SLAB_PANIC and the kernel will
panic if the allocation fails during kernel initialization. So on
a running system iint_initialized is always true and can be removed.

Changes in v3:
* not limiting test to IMA_APPRAISE (spotted by Roberto Sassu)

Changes in v2:
* 'iint_initialized' removal patch merged to this patch (requested
by Mimi)

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>

security/integrity/iint.c		diff \| blob \| blame \| history
security/integrity/ima/ima_main.c		diff \| blob \| blame \| history
security/integrity/integrity.h		diff \| blob \| blame \| history