Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 209b43ca authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

ima: delay template descriptor lookup until use 



process_measurement() always calls ima_template_desc_current(),
including when an IMA policy has not been defined.

This patch delays template descriptor lookup until action is
determined.

Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 2c50b964

security/integrity/ima/ima_main.c

+2 −1
Original line number Diff line number Diff line
@@ -159,7 +159,7 @@ static int process_measurement(struct file *file, const char *filename, 
{

	struct inode *inode = file_inode(file);

	struct integrity_iint_cache *iint;

	struct ima_template_desc *template_desc = ima_template_desc_current();

	struct ima_template_desc *template_desc;

	char *pathbuf = NULL;

	const char *pathname = NULL;

	int rc = -ENOMEM, action, must_appraise, _func;
@@ -203,6 +203,7 @@ static int process_measurement(struct file *file, const char *filename, 
		goto out_digsig;

	}



	template_desc = ima_template_desc_current();

	if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {

		if (action & IMA_APPRAISE_SUBMASK)

			xattr_ptr = &xattr_value;