diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-03-10 23:07:34 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-03-23 06:31:37 -0400 |
commit | a9a4935d44b58c858a81393694bc232a96cdcbd4 (patch) | |
tree | ee3c6a3bac3399f8d71e75538c554c5ac0807625 /security/integrity | |
parent | d77ccdc644a59b412d8e101576134c90a0aa6797 (diff) | |
download | linux-stable-a9a4935d44b58c858a81393694bc232a96cdcbd4.tar.gz linux-stable-a9a4935d44b58c858a81393694bc232a96cdcbd4.tar.bz2 linux-stable-a9a4935d44b58c858a81393694bc232a96cdcbd4.zip |
ima: clear IMA_HASH
The IMA_APPRAISE and IMA_HASH policies overlap. Clear IMA_HASH properly.
Fixes: da1b0029f527 ("ima: support new "hash" and "dont_hash" policy actions")
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index e3da29af2c16..40557c06300f 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, action |= entry->action & IMA_DO_MASK; if (entry->action & IMA_APPRAISE) { action |= get_subaction(entry, func); - action ^= IMA_HASH; + action &= ~IMA_HASH; } if (entry->action & IMA_DO_MASK) |