summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorKrzysztof Struczynski <krzysztof.struczynski@huawei.com>2020-04-27 13:28:58 +0300
committerMimi Zohar <zohar@linux.ibm.com>2020-05-08 05:54:08 +0300
commit6ee28442a465ab4c4be45e3b15015af24b1ba906 (patch)
treeef7efc6a5394fdd975ed2ae5552a8ebfcfe93db4 /security
parent1129d31b55d509f15e72dc68e4b5c3a4d7b4da8d (diff)
downloadlinux-6ee28442a465ab4c4be45e3b15015af24b1ba906.tar.xz
ima: Remove redundant policy rule set in add_rules()
Function ima_appraise_flag() returns the flag to be set in temp_ima_appraise depending on the hook identifier passed as an argument. It is not necessary to set the flag again for the POLICY_CHECK hook. Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_policy.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index c334e0dc6083..ea9b991f0232 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -643,11 +643,8 @@ static void add_rules(struct ima_rule_entry *entries, int count,
list_add_tail(&entry->list, &ima_policy_rules);
}
- if (entries[i].action == APPRAISE) {
+ if (entries[i].action == APPRAISE)
temp_ima_appraise |= ima_appraise_flag(entries[i].func);
- if (entries[i].func == POLICY_CHECK)
- temp_ima_appraise |= IMA_APPRAISE_POLICY;
- }
}
}