• D
    ima: check ima_policy_flag in the ima_file_free() hook · 0f34a006
    Dmitry Kasatkin 提交于
    This patch completes the switching to the 'ima_policy_flag' variable
    in the checks at the beginning of IMA functions, starting with the
    commit a756024e.
    
    Checking 'iint_initialized' is completely unnecessary, because
    S_IMA flag is unset if iint was not allocated. At the same time
    the integrity cache is allocated with SLAB_PANIC and the kernel will
    panic if the allocation fails during kernel initialization. So on
    a running system iint_initialized is always true and can be removed.
    
    Changes in v3:
    * not limiting test to IMA_APPRAISE (spotted by Roberto Sassu)
    
    Changes in v2:
    * 'iint_initialized' removal patch merged to this patch (requested
       by Mimi)
    Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com>
    Acked-by: NRoberto Sassu <roberto.sassu@polito.it>
    0f34a006
ima_main.c 9.6 KB