Commit a9a4935d authored by Mimi Zohar's avatar Mimi Zohar

ima: clear IMA_HASH

The IMA_APPRAISE and IMA_HASH policies overlap. Clear IMA_HASH properly.

Fixes: da1b0029 ("ima: support new "hash" and "dont_hash" policy actions")
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent d77ccdc6
...@@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid, ...@@ -389,7 +389,7 @@ int ima_match_policy(struct inode *inode, const struct cred *cred, u32 secid,
action |= entry->action & IMA_DO_MASK; action |= entry->action & IMA_DO_MASK;
if (entry->action & IMA_APPRAISE) { if (entry->action & IMA_APPRAISE) {
action |= get_subaction(entry, func); action |= get_subaction(entry, func);
action ^= IMA_HASH; action &= ~IMA_HASH;
} }
if (entry->action & IMA_DO_MASK) if (entry->action & IMA_DO_MASK)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment