diff options
| -rw-r--r-- | security/integrity/ima/ima_api.c | 5 | ||||
| -rw-r--r-- | security/integrity/ima/ima_main.c | 9 |
2 files changed, 5 insertions, 9 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 65c41a968cc1..86885979918c 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c | |||
| @@ -179,11 +179,6 @@ int ima_get_action(struct inode *inode, int mask, int function) | |||
| 179 | return ima_match_policy(inode, function, mask, flags); | 179 | return ima_match_policy(inode, function, mask, flags); |
| 180 | } | 180 | } |
| 181 | 181 | ||
| 182 | int ima_must_measure(struct inode *inode, int mask, int function) | ||
| 183 | { | ||
| 184 | return ima_match_policy(inode, function, mask, IMA_MEASURE); | ||
| 185 | } | ||
| 186 | |||
| 187 | /* | 182 | /* |
| 188 | * ima_collect_measurement - collect file measurement | 183 | * ima_collect_measurement - collect file measurement |
| 189 | * | 184 | * |
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 03bb52ecf490..62f59eca32d3 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -79,6 +79,7 @@ __setup("ima_hash=", hash_setup); | |||
| 79 | */ | 79 | */ |
| 80 | static void ima_rdwr_violation_check(struct file *file, | 80 | static void ima_rdwr_violation_check(struct file *file, |
| 81 | struct integrity_iint_cache *iint, | 81 | struct integrity_iint_cache *iint, |
| 82 | int must_measure, | ||
| 82 | char **pathbuf, | 83 | char **pathbuf, |
| 83 | const char **pathname) | 84 | const char **pathname) |
| 84 | { | 85 | { |
| @@ -95,8 +96,7 @@ static void ima_rdwr_violation_check(struct file *file, | |||
| 95 | send_tomtou = true; | 96 | send_tomtou = true; |
| 96 | } | 97 | } |
| 97 | } else { | 98 | } else { |
| 98 | if ((atomic_read(&inode->i_writecount) > 0) && | 99 | if ((atomic_read(&inode->i_writecount) > 0) && must_measure) |
| 99 | ima_must_measure(inode, MAY_READ, FILE_CHECK)) | ||
| 100 | send_writers = true; | 100 | send_writers = true; |
| 101 | } | 101 | } |
| 102 | 102 | ||
| @@ -174,7 +174,7 @@ static int process_measurement(struct file *file, int mask, int function, | |||
| 174 | * Included is the appraise submask. | 174 | * Included is the appraise submask. |
| 175 | */ | 175 | */ |
| 176 | action = ima_get_action(inode, mask, function); | 176 | action = ima_get_action(inode, mask, function); |
| 177 | violation_check = (function == FILE_CHECK && | 177 | violation_check = ((function == FILE_CHECK || function == MMAP_CHECK) && |
| 178 | (ima_policy_flag & IMA_MEASURE)); | 178 | (ima_policy_flag & IMA_MEASURE)); |
| 179 | if (!action && !violation_check) | 179 | if (!action && !violation_check) |
| 180 | return 0; | 180 | return 0; |
| @@ -194,7 +194,8 @@ static int process_measurement(struct file *file, int mask, int function, | |||
| 194 | } | 194 | } |
| 195 | 195 | ||
| 196 | if (violation_check) { | 196 | if (violation_check) { |
| 197 | ima_rdwr_violation_check(file, iint, &pathbuf, &pathname); | 197 | ima_rdwr_violation_check(file, iint, action & IMA_MEASURE, |
| 198 | &pathbuf, &pathname); | ||
| 198 | if (!action) { | 199 | if (!action) { |
| 199 | rc = 0; | 200 | rc = 0; |
| 200 | goto out_free; | 201 | goto out_free; |