summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTyler Hicks <tyhicks@linux.microsoft.com>2020-07-09 08:19:10 +0200
committerMimi Zohar <zohar@linux.ibm.com>2020-07-20 19:28:16 +0200
commit592b24cbdc12e52bdb5937c0697df9febf41f8d9 (patch)
tree77f69fd50babed73ba3e2d8695fdbf145d4cc336 /security
parentima: Move comprehensive rule validation checks out of the token parser (diff)
downloadlinux-592b24cbdc12e52bdb5937c0697df9febf41f8d9.tar.xz
linux-592b24cbdc12e52bdb5937c0697df9febf41f8d9.zip
ima: Use the common function to detect LSM conditionals in a rule
Make broader use of ima_rule_contains_lsm_cond() to check if a given rule contains an LSM conditional. This is a code cleanup and has no user-facing change. Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_policy.c11
1 files changed, 2 insertions, 9 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index c679144af042..dcd1aaac4ff0 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -360,17 +360,10 @@ static bool ima_rule_contains_lsm_cond(struct ima_rule_entry *entry)
static void ima_lsm_update_rules(void)
{
struct ima_rule_entry *entry, *e;
- int i, result, needs_update;
+ int result;
list_for_each_entry_safe(entry, e, &ima_policy_rules, list) {
- needs_update = 0;
- for (i = 0; i < MAX_LSM_RULES; i++) {
- if (entry->lsm[i].args_p) {
- needs_update = 1;
- break;
- }
- }
- if (!needs_update)
+ if (!ima_rule_contains_lsm_cond(entry))
continue;
result = ima_lsm_update_rule(entry);