aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/integrity/ima/ima_policy.c21
1 files changed, 14 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 1bc9e31ae250..babc5009756d 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -445,19 +445,26 @@ ssize_t ima_parse_add_rule(char *rule)
445 445
446 p = strsep(&rule, "\n"); 446 p = strsep(&rule, "\n");
447 len = strlen(p) + 1; 447 len = strlen(p) + 1;
448
449 if (*p == '#') {
450 kfree(entry);
451 return len;
452 }
453
448 result = ima_parse_rule(p, entry); 454 result = ima_parse_rule(p, entry);
449 if (!result) { 455 if (result) {
450 result = len;
451 mutex_lock(&ima_measure_mutex);
452 list_add_tail(&entry->list, &measure_policy_rules);
453 mutex_unlock(&ima_measure_mutex);
454 } else {
455 kfree(entry); 456 kfree(entry);
456 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, 457 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
457 NULL, op, "invalid policy", result, 458 NULL, op, "invalid policy", result,
458 audit_info); 459 audit_info);
460 return result;
459 } 461 }
460 return result; 462
463 mutex_lock(&ima_measure_mutex);
464 list_add_tail(&entry->list, &measure_policy_rules);
465 mutex_unlock(&ima_measure_mutex);
466
467 return len;
461} 468}
462 469
463/* ima_delete_rules called to cleanup invalid policy */ 470/* ima_delete_rules called to cleanup invalid policy */