diff options
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 4d7c0ae656d3..4adcd0f8c1dd 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -220,10 +220,13 @@ retry: /* * In addition to knowing that we need to appraise the file in general, - * we need to differentiate between calling hooks. + * we need to differentiate between calling hooks, for hook specific rules. */ -static int get_subaction(int func) +static int get_subaction(struct ima_rule_entry *rule, int func) { + if (!(rule->flags & IMA_FUNC)) + return IMA_FILE_APPRAISE; + switch(func) { case MMAP_CHECK: return IMA_MMAP_APPRAISE; @@ -268,7 +271,7 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, action |= entry->action & IMA_DO_MASK; if (entry->action & IMA_APPRAISE) - action |= get_subaction(func); + action |= get_subaction(entry, func); if (entry->action & IMA_DO_MASK) actmask &= ~(entry->action | entry->action << 1); |