summaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorMimi Zohar <zohar@linux.vnet.ibm.com>2018-03-10 23:07:34 -0500
committerMimi Zohar <zohar@linux.vnet.ibm.com>2018-03-23 06:31:37 -0400
commita9a4935d44b58c858a81393694bc232a96cdcbd4 (patch)
treeee3c6a3bac3399f8d71e75538c554c5ac0807625 /security/integrity
parentd77ccdc644a59b412d8e101576134c90a0aa6797 (diff)
downloadlinux-stable-a9a4935d44b58c858a81393694bc232a96cdcbd4.tar.gz
linux-stable-a9a4935d44b58c858a81393694bc232a96cdcbd4.tar.bz2
linux-stable-a9a4935d44b58c858a81393694bc232a96cdcbd4.zip
ima: clear IMA_HASH
The IMA_APPRAISE and IMA_HASH policies overlap. Clear IMA_HASH properly. Fixes: da1b0029f527 ("ima: support new "hash" and "dont_hash" policy actions") Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima_policy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index e3da29af2c16..40557c06300f 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
action |= entry->action & IMA_DO_MASK;
if (entry->action & IMA_APPRAISE) {
action |= get_subaction(entry, func);
- action ^= IMA_HASH;
+ action &= ~IMA_HASH;
}
if (entry->action & IMA_DO_MASK)