Commit 4199d35c authored Mar 16, 2011 by Mimi Zohar

vfs: move ima_file_free before releasing the file



ima_file_free(), called on __fput(), currently flags files that have
changed, so that the file is re-measured.  For appraising a files's
integrity, the file's hash must be re-calculated and stored in the
'security.ima' xattr to reflect any changes.

This patch moves the ima_file_free() call to before releasing the file
in preparation of ima-appraisal measuring the file and updating the
'security.ima' xattr.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

parent 2ab51f37

fs/file_table.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -243,10 +243,10 @@ static void __fput(struct file *file)
		if (file->f_op && file->f_op->fasync)
		file->f_op->fasync(-1, file, 0);
		}
		ima_file_free(file);
		if (file->f_op && file->f_op->release)
		file->f_op->release(inode, file);
		security_file_free(file);
		ima_file_free(file);
		if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
		!(file->f_mode & FMODE_PATH))) {
		cdev_put(inode->i_cdev);