From: Dmitry Kasatkin Date: Fri, 13 Jun 2014 15:55:48 +0000 (+0300) Subject: ima: delay template descriptor lookup until use X-Git-Tag: firefly_0821_release~176^2~2675^2~40 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=209b43ca64a6f2b0c7ac66b457f530c52d608c3e;p=firefly-linux-kernel-4.4.55.git ima: delay template descriptor lookup until use process_measurement() always calls ima_template_desc_current(), including when an IMA policy has not been defined. This patch delays template descriptor lookup until action is determined. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar --- diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index cf1c3696c72e..f474c608fa11 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -159,7 +159,7 @@ static int process_measurement(struct file *file, const char *filename, { struct inode *inode = file_inode(file); struct integrity_iint_cache *iint; - struct ima_template_desc *template_desc = ima_template_desc_current(); + struct ima_template_desc *template_desc; char *pathbuf = NULL; const char *pathname = NULL; int rc = -ENOMEM, action, must_appraise, _func; @@ -203,6 +203,7 @@ static int process_measurement(struct file *file, const char *filename, goto out_digsig; } + template_desc = ima_template_desc_current(); if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) { if (action & IMA_APPRAISE_SUBMASK) xattr_ptr = &xattr_value;