ima: clear IMA_HASH

The IMA_APPRAISE and IMA_HASH policies overlap. Clear IMA_HASH properly.

Fixes: da1b0029 ("ima: support new "hash" and "dont_hash" policy actions")
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent d77ccdc6

security/integrity/ima/ima_policy.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -389,7 +389,7 @@ int ima_match_policy(struct inode inode, const struct cred cred, u32 secid,
		action \|= entry->action & IMA_DO_MASK;
		if (entry->action & IMA_APPRAISE) {
		action \|= get_subaction(entry, func);
		action ^= IMA_HASH;
		action &= ~IMA_HASH;
		}

		if (entry->action & IMA_DO_MASK)