diff options
-rw-r--r-- | security/integrity/ima/ima_policy.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 1bc9e31ae250..babc5009756d 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
@@ -445,19 +445,26 @@ ssize_t ima_parse_add_rule(char *rule) | |||
445 | 445 | ||
446 | p = strsep(&rule, "\n"); | 446 | p = strsep(&rule, "\n"); |
447 | len = strlen(p) + 1; | 447 | len = strlen(p) + 1; |
448 | |||
449 | if (*p == '#') { | ||
450 | kfree(entry); | ||
451 | return len; | ||
452 | } | ||
453 | |||
448 | result = ima_parse_rule(p, entry); | 454 | result = ima_parse_rule(p, entry); |
449 | if (!result) { | 455 | if (result) { |
450 | result = len; | ||
451 | mutex_lock(&ima_measure_mutex); | ||
452 | list_add_tail(&entry->list, &measure_policy_rules); | ||
453 | mutex_unlock(&ima_measure_mutex); | ||
454 | } else { | ||
455 | kfree(entry); | 456 | kfree(entry); |
456 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, | 457 | integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, |
457 | NULL, op, "invalid policy", result, | 458 | NULL, op, "invalid policy", result, |
458 | audit_info); | 459 | audit_info); |
460 | return result; | ||
459 | } | 461 | } |
460 | return result; | 462 | |
463 | mutex_lock(&ima_measure_mutex); | ||
464 | list_add_tail(&entry->list, &measure_policy_rules); | ||
465 | mutex_unlock(&ima_measure_mutex); | ||
466 | |||
467 | return len; | ||
461 | } | 468 | } |
462 | 469 | ||
463 | /* ima_delete_rules called to cleanup invalid policy */ | 470 | /* ima_delete_rules called to cleanup invalid policy */ |